
Windows Analysis Report
VajVW1leCd.exe

Overview

General Information

Sample name: VajVW1leCd.exe
(renamed because the original name is a hash value)
Original sample name: 890d824cd79fe9a86ded6b64ed799ad7.exe
Analysis ID: 1578920
MD5: 890d824cd79fe9a86ded6b64ed799ad7
SHA1: ad60b467cee30245b352715f4694cabe41b83470
SHA256: c34746b5895ab129dc4875e1ecb872799ac76ecda670146ccee25ef7dbf5ca44
Tags: exe user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • VajVW1leCd.exe (PID: 5248 cmdline: "C:\Users\user\Desktop\VajVW1leCd.exe" MD5: 890D824CD79FE9A86DED6B64ED799AD7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: VajVW1leCd.exe ReversingLabs: Detection: 65%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: VajVW1leCd.exe Joe Sandbox ML: detected
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: VajVW1leCd.exe, 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp

System Summary

Source: VajVW1leCd.exe Static PE information: section name: (empty)
Source: VajVW1leCd.exe Static PE information: section name: .idata
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C681F 1_2_008C681F
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0098DAF8 1_2_0098DAF8
Source: VajVW1leCd.exe, 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs VajVW1leCd.exe
Source: VajVW1leCd.exe, 00000001.00000002.2383864650.00000000013DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs VajVW1leCd.exe
Source: VajVW1leCd.exe Binary or memory string: OriginalFilenamedefOff.exe. vs VajVW1leCd.exe
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\VajVW1leCd.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VajVW1leCd.exe.log
Source: C:\Users\user\Desktop\VajVW1leCd.exe Mutant created: NULL
Source: C:\Users\user\Desktop\VajVW1leCd.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: VajVW1leCd.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: VajVW1leCd.exe String found in binary or memory: 3The file %s is missing. Please, re-install this applicationFDS_WL_
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\VajVW1leCd.exe Section loaded: sspicli.dll
Source: VajVW1leCd.exe Static file information: File size 2807808 > 1048576
Source: VajVW1leCd.exe Static PE information: Raw size of fmcmtssr is bigger than: 0x100000 < 0x2a4a00

Data Obfuscation

Source: C:\Users\user\Desktop\VajVW1leCd.exe Unpacked PE file: 1.2.VajVW1leCd.exe.730000.0.unpack :EW;.rsrc:W;.idata :W;fmcmtssr:EW;lelicmed:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: VajVW1leCd.exe Static PE information: real checksum: 0x2b252e should be: 0x2ba8e7
Source: VajVW1leCd.exe Static PE information: section name: fmcmtssr
Source: VajVW1leCd.exe Static PE information: section name: lelicmed
Source: VajVW1leCd.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BA3F0 push eax; mov dword ptr [esp], 7DABD900h 1_2_008BA437
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BA3F0 push ebp; mov dword ptr [esp], esi 1_2_008BA465
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C681F push edi; mov dword ptr [esp], ebp 1_2_008C7C9C
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C681F push esi; mov dword ptr [esp], 5E281B60h 1_2_008C8D3F
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BDAD8 push edi; ret 1_2_008BDEE7
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073EAAB push ebx; mov dword ptr [esp], 6E53E1A7h 1_2_0073F0AA
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BDD15 push edi; ret 1_2_008BDEE7
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073D078 push 5217779Ah; mov dword ptr [esp], ecx 1_2_0073D088
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C6087 push esi; mov dword ptr [esp], 00000004h 1_2_008C608B
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_009CE0B0 push ebp; mov dword ptr [esp], ecx 1_2_009CE0D6
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C20B5 push 43828810h; mov dword ptr [esp], ebp 1_2_008C20C1
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073D023 push ecx; mov dword ptr [esp], 29DF7BB4h 1_2_0073D024
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073D023 push edi; mov dword ptr [esp], esi 1_2_0073D049
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_009C70FA push ebp; mov dword ptr [esp], edi 1_2_009C70FE
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073D014 push 30E201C4h; mov dword ptr [esp], ecx 1_2_0073D22D
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C60FD push 33A91558h; mov dword ptr [esp], esp 1_2_008C7BED
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C60FD push ebp; mov dword ptr [esp], eax 1_2_008C9ACA
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008CB00D push edi; mov dword ptr [esp], ebx 1_2_008CB015
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008CB00D push ebp; mov dword ptr [esp], ebx 1_2_008CB0DC
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008B7001 push 45104631h; mov dword ptr [esp], esi 1_2_008B738F
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073D0FF push edx; mov dword ptr [esp], 18A8981Dh 1_2_0073D775
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008CB000 push edi; mov dword ptr [esp], esp 1_2_008CB255
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008CB025 push edi; mov dword ptr [esp], esp 1_2_008CB255
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_0073C0C7 push 59848C60h; mov dword ptr [esp], ecx 1_2_0073C79C
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BE05C push eax; ret 1_2_008BE06B
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C907D push ebx; mov dword ptr [esp], esi 1_2_008C90C9
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C3072 push edi; mov dword ptr [esp], ebx 1_2_008C32E9
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C3072 push esi; mov dword ptr [esp], ebp 1_2_008C3347
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C3072 push eax; mov dword ptr [esp], ecx 1_2_008C33AB
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008C7184 push 4F85EAB2h; mov dword ptr [esp], eax 1_2_008C996F
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008CB183 push edi; mov dword ptr [esp], eax 1_2_008CB184

Boot Survival

Source: C:\Users\user\Desktop\VajVW1leCd.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\VajVW1leCd.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\VajVW1leCd.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\VajVW1leCd.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EC874 second address: 8EC890 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4ED15EA5E3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EC890 second address: 8EC89A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4ED1603616h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8ED6C6 second address: 8ED6CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EF5CF second address: 8EF5D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F4ED1603616h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EF5D9 second address: 8EF5DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EF5DD second address: 8EF61A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F4ED160361Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4ED1603623h 0x00000016 jmp 00007F4ED1603623h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EFCE9 second address: 8EFCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007F4ED15EA5D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1ED2 second address: 8F1ED6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1ED6 second address: 8F1EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F4ED15EA5D8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1EEC second address: 8F1EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1EF0 second address: 8F1EF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1EF4 second address: 8F1EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F1EFA second address: 8F1F04 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4ED15EA5DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F31BA second address: 8F31C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F31C3 second address: 8F31C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F31C7 second address: 8F31DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F3BAF second address: 8F3BC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnp 00007F4ED15EA5D6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F509A second address: 8F50A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4ED1603616h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F3BC2 second address: 8F3BC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F50A5 second address: 8F50BB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4ED1603618h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F4ED1603616h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F7004 second address: 8F7021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4ED15EA5E9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F6130 second address: 8F6134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F50BB second address: 8F50BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F7021 second address: 8F7038 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4ED1603616h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F4ED1603618h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F8093 second address: 8F809C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F7224 second address: 8F722A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F722A second address: 8F72A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e or ebx, dword ptr [ebp+12457C0Ah] 0x00000014 mov ebx, dword ptr [ebp+1245D9BEh] 0x0000001a push dword ptr fs:[00000000h] 0x00000021 sub bh, 00000011h 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007F4ED15EA5D8h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 mov eax, dword ptr [ebp+122D006Dh] 0x0000004b movzx edi, bx 0x0000004e push FFFFFFFFh 0x00000050 mov edi, dword ptr [ebp+122D20DEh] 0x00000056 movzx edi, dx 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push ecx 0x0000005d pushad 0x0000005e popad 0x0000005f pop ecx 0x00000060 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F826B second address: 8F826F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8F8376 second address: 8F837C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8FA17F second address: 8FA20D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4ED160361Ch 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F4ED1603618h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e jmp 00007F4ED160361Ah 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F4ED1603618h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000014h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f sub bh, 00000054h 0x00000052 sub di, 4C5Bh 0x00000057 push eax 0x00000058 jng 00007F4ED1603635h 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F4ED160361Fh 0x00000065 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8FC427 second address: 8FC431 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4ED15EA5DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 90213D second address: 902142 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902142 second address: 902148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902148 second address: 902155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F4ED1603616h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9026B7 second address: 9026EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F4ED15EA5E8h 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 jo 00007F4ED15EA5DCh 0x00000017 jl 00007F4ED15EA5D6h 0x0000001d jc 00007F4ED15EA5DCh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9026EF second address: 902735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 call 00007F4ED1603622h 0x0000000b clc 0x0000000c pop edi 0x0000000d push 00000000h 0x0000000f mov edi, dword ptr [ebp+122D1FD8h] 0x00000015 mov dword ptr [ebp+12457C21h], esi 0x0000001b push 00000000h 0x0000001d jmp 00007F4ED1603626h 0x00000022 xchg eax, esi 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902735 second address: 902739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 903800 second address: 903812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jl 00007F4ED1603616h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902975 second address: 90297B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 90297B second address: 902980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902980 second address: 902995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4ED15EA5E1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 902995 second address: 902999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 90ECFD second address: 90ED03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 90ED03 second address: 90ED07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 90E4CA second address: 90E4D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 91FD01 second address: 91FD3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4ED1603628h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F4ED1603624h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 921486 second address: 92148A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8AE433 second address: 8AE437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9254A0 second address: 9254AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4ED15EA5D6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92576A second address: 925770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 925FF3 second address: 925FF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E8A1 second address: 92E8C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED1603623h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F4ED160361Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E8C2 second address: 92E8FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4ED15EA5E9h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4ED15EA5E3h 0x00000013 jg 00007F4ED15EA5D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E8FD second address: 92E919 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4ED1603626h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E919 second address: 92E91F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EA7C second address: 92EA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EE45 second address: 92EE49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EE49 second address: 92EEBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED1603625h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e js 00007F4ED1603616h 0x00000014 jmp 00007F4ED1603627h 0x00000019 popad 0x0000001a push ecx 0x0000001b jmp 00007F4ED1603624h 0x00000020 pop ecx 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jc 00007F4ED1603616h 0x0000002c jmp 00007F4ED1603628h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EEBE second address: 92EEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EEC2 second address: 92EED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4ED160361Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92EED6 second address: 92EEED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4ED15EA5E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F347 second address: 92F365 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F4ED1603624h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F365 second address: 92F38C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4ED15EA5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F4ED15EA5E9h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F916 second address: 92F91C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F91C second address: 92F921 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F921 second address: 92F92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92F92C second address: 92F935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8D33F5 second address: 8D3417 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4ED1603616h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jo 00007F4ED1603616h 0x00000013 jmp 00007F4ED160361Eh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8B1C02 second address: 8B1C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5AD second address: 92E5BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 je 00007F4ED1603616h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5BD second address: 92E5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5C3 second address: 92E5C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5C7 second address: 92E5CD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5CD second address: 92E5E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4ED1603622h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5E5 second address: 92E5F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 92E5F1 second address: 92E5F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9344A9 second address: 9344D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F4ED15EA5E5h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4ED15EA5E1h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9344D8 second address: 934519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F4ED1603622h 0x00000013 pop edi 0x00000014 jne 00007F4ED1603630h 0x0000001a jmp 00007F4ED1603628h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934519 second address: 93452D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F4ED15EA5DFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93452D second address: 93453A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jc 00007F4ED160361Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934673 second address: 934693 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 ja 00007F4ED15EA5D6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop esi 0x0000000c jmp 00007F4ED15EA5DEh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ecx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934693 second address: 934699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934699 second address: 93469F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9349DF second address: 9349E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934B7E second address: 934B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934B86 second address: 934B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 934B8B second address: 934B96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F4ED15EA5D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 935413 second address: 935435 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4ED1603616h 0x00000008 js 00007F4ED1603616h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnc 00007F4ED1603622h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8E9F88 second address: 8D28EF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4ED15EA5DCh 0x00000008 jnl 00007F4ED15EA5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F4ED15EA5DDh 0x00000016 nop 0x00000017 jmp 00007F4ED15EA5DDh 0x0000001c call dword ptr [ebp+12465091h] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA40F second address: 8EA41C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA41C second address: 8EA42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jng 00007F4ED15EA5D6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA4C5 second address: 8EA4CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F4ED1603616h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA4CF second address: 8EA4D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA696 second address: 8EA6A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F4ED1603616h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA6A1 second address: 8EA6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA6AE second address: 8EA6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA6B2 second address: 8EA6E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a xchg eax, esi 0x0000000b mov edx, dword ptr [ebp+122D1D32h] 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4ED15EA5E7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA6E7 second address: 8EA6ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA815 second address: 8EA81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EA9E5 second address: 8EAA47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED1603621h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub dword ptr [ebp+122D1E8Ah], esi 0x00000012 push 00000004h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F4ED1603618h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e jmp 00007F4ED1603629h 0x00000033 push eax 0x00000034 push ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 push ebx 0x00000038 pop ebx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB139 second address: 8EB147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4ED15EA5D6h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB147 second address: 8EB18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 jmp 00007F4ED1603623h 0x0000000e jmp 00007F4ED160361Dh 0x00000013 popad 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 pushad 0x00000019 pushad 0x0000001a push eax 0x0000001b pop eax 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pushad 0x00000020 jmp 00007F4ED160361Dh 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB237 second address: 8EB28A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4ED15EA5DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F4ED15EA5D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 lea eax, dword ptr [ebp+1247FD3Bh] 0x0000002d mov cx, DD00h 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 je 00007F4ED15EA5E1h 0x0000003a jmp 00007F4ED15EA5DBh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB28A second address: 8EB28F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB28F second address: 8EB295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB295 second address: 8EB2EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4ED1603618h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+1247FCF7h] 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007F4ED1603618h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 nop 0x00000045 push eax 0x00000046 push edx 0x00000047 jo 00007F4ED1603618h 0x0000004d push esi 0x0000004e pop esi 0x0000004f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB2EC second address: 8EB30C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F4ED15EA5D8h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB30C second address: 8EB311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB311 second address: 8EB317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EB317 second address: 8D33F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, 733F8454h 0x0000000d call dword ptr [ebp+1244D4B3h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 ja 00007F4ED1603616h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 938E1D second address: 938E27 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4ED15EA5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 938F9F second address: 938FBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4ED160361Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939123 second address: 939129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939129 second address: 93914D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED1603622h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4ED160361Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93914D second address: 93915D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4ED15EA5D6h 0x00000008 jnp 00007F4ED15EA5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93915D second address: 939162 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939162 second address: 93916A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9393FF second address: 939406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939406 second address: 939417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5DCh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939417 second address: 939464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED1603629h 0x00000007 jnp 00007F4ED1603627h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push esi 0x00000014 pop esi 0x00000015 jmp 00007F4ED1603621h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 939587 second address: 93958C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93958C second address: 939598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4ED1603616h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93CFDD second address: 93CFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5DDh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93CFEF second address: 93CFFE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4ED160361Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 93CFFE second address: 93D010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 jc 00007F4ED15EA5DEh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 940E7F second address: 940E86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 940E86 second address: 940EAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5E7h 0x00000009 popad 0x0000000a ja 00007F4ED15EA5E2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948F5A second address: 948F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948305 second address: 948309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948309 second address: 94833D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4ED1603616h 0x00000008 jmp 00007F4ED1603620h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jp 00007F4ED1603618h 0x00000015 pushad 0x00000016 popad 0x00000017 jng 00007F4ED160361Ch 0x0000001d popad 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94833D second address: 948341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948341 second address: 948345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94860F second address: 948615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948615 second address: 94861F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4ED1603616h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9487CF second address: 948804 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4ED15EA5E7h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948804 second address: 948813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948ABC second address: 948AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948AC0 second address: 948AC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948AC4 second address: 948ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948ACA second address: 948AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948AD0 second address: 948ADA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4ED15EA5E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 948ADA second address: 948AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94B6EF second address: 94B724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5DFh 0x00000009 popad 0x0000000a jmp 00007F4ED15EA5DEh 0x0000000f push ebx 0x00000010 jnp 00007F4ED15EA5D6h 0x00000016 pop ebx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a je 00007F4ED15EA5D8h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94B724 second address: 94B73C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F4ED1603616h 0x00000009 jl 00007F4ED1603616h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94B877 second address: 94B881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94BCB6 second address: 94BCF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Fh 0x00000007 jmp 00007F4ED1603624h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F4ED160361Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94BCF0 second address: 94BCF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94BCF6 second address: 94BD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F4ED1603616h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94BD05 second address: 94BD19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 94BD19 second address: 94BD21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9519EB second address: 9519FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnp 00007F4ED15EA5D6h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9519FA second address: 951A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 951A04 second address: 951A0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 95035F second address: 950363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950363 second address: 950369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950938 second address: 95093C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EABE8 second address: 8EAC9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d mov cl, 93h 0x0000000f mov bx, di 0x00000012 popad 0x00000013 xor dword ptr [ebp+122D22F8h], ecx 0x00000019 mov ebx, dword ptr [ebp+1247FD36h] 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007F4ED15EA5D8h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 0000001Bh 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 push ecx 0x0000003a mov ecx, edx 0x0000003c pop ecx 0x0000003d sbb dh, FFFFFF93h 0x00000040 add eax, ebx 0x00000042 mov ecx, dword ptr [ebp+122D2A78h] 0x00000048 push eax 0x00000049 jmp 00007F4ED15EA5E8h 0x0000004e mov dword ptr [esp], eax 0x00000051 jmp 00007F4ED15EA5E3h 0x00000056 push 00000004h 0x00000058 jmp 00007F4ED15EA5E5h 0x0000005d nop 0x0000005e push eax 0x0000005f jnp 00007F4ED15EA5DCh 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EAC9A second address: 8EACAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4ED160361Ch 0x0000000e js 00007F4ED1603616h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950A6E second address: 950A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950A72 second address: 950AC2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 js 00007F4ED1603616h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4ED1603629h 0x00000011 jo 00007F4ED160362Ah 0x00000017 jmp 00007F4ED1603622h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f push ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4ED160361Bh 0x00000027 push esi 0x00000028 pop esi 0x00000029 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950AC2 second address: 950ACC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4ED15EA5D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950C45 second address: 950C4F instructions: 0x00000000 rdtsc 0x00000002 js 00007F4ED1603616h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 950C4F second address: 950CB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F4ED15EA5E3h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push ecx 0x00000010 jmp 00007F4ED15EA5E8h 0x00000015 jbe 00007F4ED15EA5D6h 0x0000001b pop ecx 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pushad 0x0000001f jmp 00007F4ED15EA5DBh 0x00000024 js 00007F4ED15EA5E4h 0x0000002a jmp 00007F4ED15EA5DEh 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 pop eax 0x00000033 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 95170B second address: 951715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 951715 second address: 951728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4ED15EA5DCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 951728 second address: 951734 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4ED160361Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 951734 second address: 951742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F4ED15EA5D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9597D8 second address: 9597DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9597DE second address: 9597E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9597E3 second address: 9597E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9597E9 second address: 9597ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 958169 second address: 958171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 958171 second address: 958177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 958F4D second address: 958F5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F4ED1603618h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 958F5D second address: 958F69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jns 00007F4ED15EA5D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 959532 second address: 95953F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4ED1603618h 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 95DE99 second address: 95DEA9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4ED15EA5D6h 0x00000008 jnc 00007F4ED15EA5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 95DEA9 second address: 95DEB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 95DEB1 second address: 95DEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8A9306 second address: 8A9316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4ED160361Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8A9316 second address: 8A931A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 960D99 second address: 960DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4ED1603616h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 961305 second address: 96130D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96130D second address: 961320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F4ED1603616h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 961479 second address: 96148B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5DEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96148B second address: 961496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 961496 second address: 9614A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4ED15EA5D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9614A1 second address: 9614B8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F4ED160361Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9614B8 second address: 9614BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9614BC second address: 9614C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 961602 second address: 96163E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5E9h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4ED15EA5E6h 0x00000011 jbe 00007F4ED15EA5D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96163E second address: 961642 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 969F7C second address: 969FA7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F4ED15EA5E1h 0x00000008 jmp 00007F4ED15EA5E2h 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 969FA7 second address: 969FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681B9 second address: 9681BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681BE second address: 9681C3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681C3 second address: 9681F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED15EA5DFh 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4ED15EA5E4h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681F2 second address: 9681F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681F8 second address: 9681FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9681FF second address: 968204 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968204 second address: 968217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4ED15EA5D6h 0x0000000a pop ebx 0x0000000b jbe 00007F4ED15EA5E2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96860E second address: 968613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968613 second address: 968619 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968619 second address: 96861D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968949 second address: 968964 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F4ED15EA5D6h 0x0000000a jmp 00007F4ED15EA5E1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968964 second address: 968972 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4ED1603616h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968972 second address: 96897C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4ED15EA5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 968D42 second address: 968D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4ED160361Fh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9695DE second address: 96960E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4ED15EA5E8h 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F4ED15EA5D6h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 jnc 00007F4ED15EA5D6h 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96960E second address: 969618 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4ED1603622h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 969618 second address: 96961E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 969E6C second address: 969E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F4ED160361Dh 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96D1E6 second address: 96D212 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4ED15EA5D6h 0x00000008 jl 00007F4ED15EA5D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnp 00007F4ED15EA5DAh 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F4ED15EA5DDh 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96D212 second address: 96D21A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96F600 second address: 96F605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96F605 second address: 96F60A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 96F60A second address: 96F617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 970C88 second address: 970C8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 974D03 second address: 974D14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5DDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 981CCB second address: 981CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 981CD1 second address: 981CD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9818AF second address: 9818B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 981A15 second address: 981A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 984705 second address: 984714 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4ED1603618h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 98414A second address: 98414E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 986B0E second address: 986B1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4ED160361Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 986B1E second address: 986B36 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jo 00007F4ED15EA5D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9956D0 second address: 995705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4ED1603627h 0x00000009 popad 0x0000000a jmp 00007F4ED1603625h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 995566 second address: 99556C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 99556C second address: 995572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 99A993 second address: 99A9B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F4ED15EA5D6h 0x00000011 jp 00007F4ED15EA5D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 99A9B7 second address: 99A9C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED160361Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A0522 second address: 9A0528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A0528 second address: 9A052F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 99F6BE second address: 99F6C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4ED15EA5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A0246 second address: 9A0261 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4ED1603620h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A0261 second address: 9A0275 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4ED15EA5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007F4ED15EA5D6h 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A0275 second address: 9A027B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A027B second address: 9A027F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A027F second address: 9A028B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A3CFC second address: 9A3D04 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A3D04 second address: 9A3D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4ED160361Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A3D16 second address: 9A3D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9A3D1A second address: 9A3D25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9AD2C2 second address: 9AD2CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4ED15EA5D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9AD2CC second address: 9AD2D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9AD2D0 second address: 9AD2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B14F6 second address: 9B14FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B14FC second address: 9B1506 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4ED15EA5D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B1506 second address: 9B150C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B137F second address: 9B1383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B38D7 second address: 9B38E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jng 00007F4ED1603616h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B3735 second address: 9B3759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4ED15EA5D6h 0x0000000a popad 0x0000000b jmp 00007F4ED15EA5DFh 0x00000010 popad 0x00000011 pushad 0x00000012 push esi 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9B3759 second address: 9B375D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9C6D29 second address: 9C6D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9C6EA9 second address: 9C6EAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9C88B6 second address: 9C88C0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4ED15EA5DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CB69E second address: 9CB6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CB9D2 second address: 9CB9D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CB9D6 second address: 9CB9E0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4ED1603616h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CBB21 second address: 9CBB25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CBB25 second address: 9CBB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CCBB7 second address: 9CCC07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4ED15EA5E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F4ED15EA5DCh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F4ED15EA5DCh 0x00000017 jmp 00007F4ED15EA5E7h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 9CCC07 second address: 9CCC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EE099 second address: 8EE0BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4ED15EA5E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exeRDTSC instruction interceptor: First address: 8EE488 second address: 8EE4A7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4ED160361Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b je 00007F4ED1603624h 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007F4ED1603616h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\VajVW1leCd.exe Special instruction interceptor: First address: 743A80 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\VajVW1leCd.exe Memory allocated: 54D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\VajVW1leCd.exe Memory allocated: 5570000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\VajVW1leCd.exe Memory allocated: 7570000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\VajVW1leCd.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\VajVW1leCd.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\VajVW1leCd.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BA3F0 rdtsc 1_2_008BA3F0
Source: C:\Users\user\Desktop\VajVW1leCd.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\VajVW1leCd.exe TID: 2876 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_00917A08 GetSystemInfo,VirtualAlloc, 1_2_00917A08
Source: C:\Users\user\Desktop\VajVW1leCd.exe Thread delayed: delay time: 922337203685477
Source: VajVW1leCd.exe, VajVW1leCd.exe, 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: VajVW1leCd.exe, 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\VajVW1leCd.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\VajVW1leCd.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BDCD8 Start: 008BDCEF End: 008BDCEA 1_2_008BDCD8
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\VajVW1leCd.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\VajVW1leCd.exe File opened: NTICE
Source: C:\Users\user\Desktop\VajVW1leCd.exe File opened: SICE
Source: C:\Users\user\Desktop\VajVW1leCd.exe File opened: SIWVID
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\VajVW1leCd.exe Code function: 1_2_008BA3F0 rdtsc 1_2_008BA3F0
Source: C:\Users\user\Desktop\VajVW1leCd.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\VajVW1leCd.exe Memory allocated: page read and write | page guard
Source: VajVW1leCd.exe, VajVW1leCd.exe, 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HOProgram Manager

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\VajVW1leCd.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\VajVW1leCd.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\VajVW1leCd.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\VajVW1leCd.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\VajVW1leCd.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
MITRE ATT&CK Matrix

Techniques flagged for this sample, per tactic, with the counts as shown in the report:

Execution: 2 Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 2 Bypass User Account Control
Defense Evasion: 1 Masquerading; 41 Disable or Modify Tools; 261 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 2 Bypass User Account Control
Discovery: 641 Security Software Discovery; 2 Process Discovery; 261 Virtualization/Sandbox Evasion; 23 System Information Discovery
Collection: 1 Archive Collected Data
Command and Control: 1 Encrypted Channel

No techniques flagged under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact.
Antivirus detection (Source / Detection / Scanner / Label)

VajVW1leCd.exe: 66%, ReversingLabs, Win32.Spyware.Lummastealer
VajVW1leCd.exe: 100%, Joe Sandbox ML
No Antivirus matches
Contacted domains (Name / IP / Active / Malicious / Antivirus Detection / Reputation)

s-part-0035.t-0009.t-msedge.net: 13.107.246.63, active: true, malicious: false, reputation: high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578920
Start date and time: 2024-12-20 16:39:43 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: VajVW1leCd.exe (renamed because the original name is a hash value)
Original Sample Name: 890d824cd79fe9a86ded6b64ed799ad7.exe
Detection: MAL
Classification: mal100.evad.winEXE@1/1@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• VT rate limit hit for: VajVW1leCd.exe
    No simulations
    No context
Joe Sandbox Context (Match / Associated Sample Name / Detection / Threat Name / Context)

Match: s-part-0035.t-0009.t-msedge.net
• 7JKssbjRDa.exe: malicious, Unknown, context: 13.107.246.63
• m21jm5y5Z5.exe: malicious, LummaC, context: 13.107.246.63
• 16ebsersuX.exe: malicious, Cryptbot, context: 13.107.246.63
• Qmg24kMXxU.exe: malicious, LummaC, Stealc, context: 13.107.246.63
• f48jWpQ2F8.exe: malicious, LummaC, context: 13.107.246.63
• MS100384UTC.xls: malicious, Unknown, context: 13.107.246.63
• RZnZbS97dD.exe: malicious, LummaC, context: 13.107.246.63
• Invoice Shipment.bat.exe: malicious, DarkCloud, context: 13.107.246.63
• MS100384UTC.xls: malicious, Unknown, context: 13.107.246.63
• SWIFT.xls: malicious, Unknown, context: 13.107.246.63
Dropped file

Process: C:\Users\user\Desktop\VajVW1leCd.exe
File Type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.360398796477698
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5: 3A8957C6382192B71471BD14359D0B12
SHA1: 71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256: 282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512: 76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..
Static file info

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.482429772481482
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: VajVW1leCd.exe
File size: 2'807'808 bytes
MD5: 890d824cd79fe9a86ded6b64ed799ad7
SHA1: ad60b467cee30245b352715f4694cabe41b83470
SHA256: c34746b5895ab129dc4875e1ecb872799ac76ecda670146ccee25ef7dbf5ca44
SHA512: 2dc81a856d3b0846c4b778d6c05cc183a029a88219ff42973ef1b5b3afacb629149c80abef88b9e5dc7ab5adaaf580b73e5d2eb67687bd8563587055e6e4f15b
SSDEEP: 24576:XhhltDWpBx4hj6HJzL+uSJYCkpKtf1sOWKTLvQilJEBX15o8iQHwnj4CPWQyIpAN:SBx4hjqLdb8s8TsGGn7CPWOIxl
TLSH: F0D54A52B50671CFD48E17799527CE826D1E03B94B2105CBAC6C74BEBDBBDC112BAC28
File Content Preview: MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... +.. ...`....@.. .......................`+......%+...`................................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x6b2000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp: 0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
    Instruction
    jmp 00007F4ED05EE5FAh
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8055 | 0x69 | .idata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x544 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81f8 | 0x8 | .idata
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    (empty name) | 0x2000 | 0x4000 | 0x4000 | 0fa61d85048353a2576c0ad483d538eb | False | 0.33660888671875 | data | 5.129578589029952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc | 0x6000 | 0x544 | 0x600 | 66f1faa8706f0a4070d24696bcded2f0 | False | 0.408203125 | data | 4.460395930973943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .idata | 0x8000 | 0x2000 | 0x200 | ec9cb51e8cb4ea49a56ee3cf434fb69e | False | 0.1484375 | data | 0.9342685949460681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    fmcmtssr | 0xa000 | 0x2a6000 | 0x2a4a00 | d7b8ff98150c51a66794f6299394cc7d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    lelicmed | 0x2b0000 | 0x2000 | 0x400 | 5624cc6284efc18a1508feb5e8c208e2 | False | 0.7802734375 | data | 6.128494691044446 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .taggant | 0x2b2000 | 0x4000 | 0x2200 | ddaa4e843a32f03202ecbc5ecbd92cb4 | False | 0.056410845588235295 | DOS executable (COM) | 0.682455507222843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_VERSION | 0x60a0 | 0x30c | data | | | 0.42948717948717946
    RT_MANIFEST | 0x63ac | 0x198 | ASCII text, with CRLF line terminators | | | 0.5833333333333334
    DLL | Import
    kernel32.dll | lstrcpy
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Dec 20, 2024 16:40:43.096771002 CET | 1.1.1.1 | 192.168.2.6 | 0xa1d7 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
    Dec 20, 2024 16:40:43.096771002 CET | 1.1.1.1 | 192.168.2.6 | 0xa1d7 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false


    Target ID:1
    Start time:10:40:44
    Start date:20/12/2024
    Path:C:\Users\user\Desktop\VajVW1leCd.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\VajVW1leCd.exe"
    Imagebase:0x730000
    File size:2'807'808 bytes
    MD5 hash:890D824CD79FE9A86DED6B64ED799AD7
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true


      Execution Graph

      Execution Coverage:5.1%
      Dynamic/Decrypted Code Coverage:4.9%
      Signature Coverage:6.5%
      Total number of Nodes:247
      Total number of Limit Nodes:15

      Control-flow Graph

      APIs
      • GetSystemInfo.KERNELBASE(?,-11B95FEC), ref: 00917A14
      • VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00917A75
      Memory Dump Source
      • Source File: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: AllocInfoSystemVirtual
      • String ID:
      • API String ID: 3440192736-0
      • Opcode ID: 34336031b47ddab5526d2a04b59de389e47e71e6b04d19d4847bdea7c58b7904
      • Instruction ID: 0f1fa8920a1c9a886f5db07a761972a6ff5cc6939d9a2bfd2450ad4417786532
      • Opcode Fuzzy Hash: 34336031b47ddab5526d2a04b59de389e47e71e6b04d19d4847bdea7c58b7904
      • Instruction Fuzzy Hash: 2E41EFB2E4420AEFD729DEA08845FE6B7BCBF48741F1005A2A243DE492D7B495D487A0

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID:
      • API String ID: 1029625771-0
      • Opcode ID: b9d394af270e058b6eabd46a9915f2bb929a7ade3d034f504e0d40cf47e23d82
      • Instruction ID: a37560c7fec1e7115e008adb606cd1abed94beea21d7db3d27029ca3fa859e27
      • Opcode Fuzzy Hash: b9d394af270e058b6eabd46a9915f2bb929a7ade3d034f504e0d40cf47e23d82
      • Instruction Fuzzy Hash: F24158B290C210AFE311AF09D8856BEFBF8FF98720F16482DE6C582210D3754955CBA7
      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID:
      • API String ID: 1029625771-0
      • Opcode ID: 91babb3b5ae70906b5ed26fc5448d8143ff5697e99ca628972a266f1d6e35a64
      • Instruction ID: 9dd4069c9c4ff67ea16d8466597f8727f9c087734daca6c349de2d38c8a09d0a
      • Opcode Fuzzy Hash: 91babb3b5ae70906b5ed26fc5448d8143ff5697e99ca628972a266f1d6e35a64
      • Instruction Fuzzy Hash: C72107B240C615DFD749EE25C88196EFBE9FF98710F52882DE5C6D6210CA304881CF82

      Control-flow Graph

      APIs
      • LoadLibraryExW.KERNEL32(?,?,?), ref: 009118E2
      • LoadLibraryExA.KERNELBASE(00000000,?,?), ref: 009118F6
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: .dll$.exe$1002
      • API String ID: 1029625771-847511843
      • Opcode ID: 1524e3dc7e7f348477177a505667f63af86c3ce7074c928e9edae6a59e7f3d2a
      • Instruction ID: 2b7af8399be8ddb661cca44d57a9007749354fab63c0101c0fb1cf2a1df79008
      • Opcode Fuzzy Hash: 1524e3dc7e7f348477177a505667f63af86c3ce7074c928e9edae6a59e7f3d2a
      • Instruction Fuzzy Hash: A9317635A0420EFFDB25AF50E904BED7B79BF84310F1085A9FA0296161C77699E0EB91

      Control-flow Graph

      control_flow_graph 39 911cd7-911ce8 call 91163b 42 911cf3-911cfc call 9100fe 39->42 43 911cee 39->43 50 911d30-911d37 42->50 51 911d02-911d0e call 910810 42->51 44 911d87-911d8b 43->44 46 911d91-911d9a GetModuleHandleW 44->46 47 911d9f-911da2 GetModuleHandleA 44->47 49 911da8 46->49 47->49 53 911db2-911db4 49->53 54 911d82 call 9101a9 50->54 55 911d3d-911d44 50->55 57 911d13-911d15 51->57 54->44 55->54 58 911d4a-911d51 55->58 57->54 60 911d1b-911d20 57->60 58->54 59 911d57-911d5e 58->59 59->54 61 911d64-911d78 59->61 60->54 62 911d26-911dad call 9101a9 60->62 61->54 62->53
      APIs
      • GetModuleHandleW.KERNEL32(?,?,?,?,00911C69,?,00000000,00000000), ref: 00911D94
      • GetModuleHandleA.KERNEL32(00000000,?,?,?,00911C69,?,00000000,00000000), ref: 00911DA2
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: HandleModule
      • String ID: .dll
      • API String ID: 4139908857-2738580789
      • Opcode ID: 639abe783a516ef35028065ff6eb6f28ee8512f9fadedd4995bbf0c2df094885
      • Instruction ID: aac4f71ef80b98b76e61b927cb2752bb2ad652072d4345d70de5895991c297d2
      • Opcode Fuzzy Hash: 639abe783a516ef35028065ff6eb6f28ee8512f9fadedd4995bbf0c2df094885
      • Instruction Fuzzy Hash: 81117C3870460EFFEB349F50E9097E97AB8BF40345F044216E606484E0C7B99AE0CA81

      Control-flow Graph

      APIs
        • Part of subcall function 009100FE: GetCurrentThreadId.KERNEL32 ref: 0091010D
        • Part of subcall function 009100FE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00910150
      • GetModuleFileNameA.KERNEL32(00000000,?,0000028B,-11B95FEC,00000000,?), ref: 00911AE4
      • GetFullPathNameA.KERNEL32(?,0000028B,?,00000000,-11B95FEC,?), ref: 00911B34
      • GetModuleFileNameA.KERNELBASE(?,?,?,?), ref: 00911BAD
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: Name$FileModule$CurrentFullPathSleepThread
      • String ID:
      • API String ID: 90702387-0
      • Opcode ID: 60bdadc89884800d094f75440265e96fe2744aec1fac257f1059fbcf91aa68cb
      • Instruction ID: 7d6b99901f61ecf8ecb87b1a234928a3ec407c663162fb7e80f0f30c29cd1c3e
      • Opcode Fuzzy Hash: 60bdadc89884800d094f75440265e96fe2744aec1fac257f1059fbcf91aa68cb
      • Instruction Fuzzy Hash: 5F317831A4824EFFEB219F54DC88FD9BBB9FF85340F000694E20696064D7B05AD1CB61

      Control-flow Graph

      control_flow_graph 92 8bda62-8bda63 93 8bda48-8bda4f 92->93 94 8bda65-8bda66 92->94 93->92 95 8bda68-8bda77 94->95 96 8bdab5-8bdab6 94->96 97 8bda79-8bda7b 95->97 98 8bdacd-8bdad3 call 8bdad8 96->98 97->98 100 8bda7c-8bdaaf 97->100 98->97 103 8bdad5-8bdb00 98->103 100->96 107 8bdb12-8bdb13 103->107 108 8bdb06 103->108 110 8bdb19 107->110 111 8bdb1f-8bdb25 CreateFileA 107->111 108->107 109 8bdb0c 108->109 109->107 110->111 112 8bdb2b-8bdb33 111->112 113 8bdec1-8bdee7 111->113 115 8bdb46-8bdb4d 112->115 116 8bdb63-8bdb7d 115->116 117 8bdb53-8bdb62 115->117 120 8bdb1a-8bdb1b 116->120 121 8bdb7f-8bdbb4 116->121 117->116 122 8bdb39-8bdb41 120->122 123 8bdb1d 120->123 124 8bdbba-8bdbcd 121->124 125 8bdbce-8bdbd2 121->125 122->115 123->111 124->125 127 8bdbd8 125->127 128 8bdbf1-8bdbf3 125->128 127->128 129 8bdc0b-8bdc27 call 8bdc2a 128->129 130 8bdbf9 128->130 130->129
      APIs
      • CreateFileA.KERNELBASE(00000000), ref: 008BDB1F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: OBaP
      • API String ID: 823142352-2258683339
      • Opcode ID: e815cf8f0d3c11420eddd2e192aa4b44ea7f17a5ff3983620c6bd9fc0a011796
      • Instruction ID: baccf441f67d35fe6041ee625d67910d1179676335f9658375f60d965a2de8a3
      • Opcode Fuzzy Hash: e815cf8f0d3c11420eddd2e192aa4b44ea7f17a5ff3983620c6bd9fc0a011796
      • Instruction Fuzzy Hash: 763118E754C3197EE302CA585A25AFABF6DF6C3730735546AF402CA603F2D40E49A235

      Control-flow Graph

      control_flow_graph 134 8bdad8 135 8bdadf-8bdb00 134->135 136 8bdade 134->136 139 8bdb12-8bdb13 135->139 140 8bdb06 135->140 136->135 142 8bdb19 139->142 143 8bdb1f-8bdb25 CreateFileA 139->143 140->139 141 8bdb0c 140->141 141->139 142->143 144 8bdb2b-8bdb33 143->144 145 8bdec1-8bdee7 143->145 147 8bdb46-8bdb4d 144->147 148 8bdb63-8bdb7d 147->148 149 8bdb53-8bdb62 147->149 152 8bdb1a-8bdb1b 148->152 153 8bdb7f-8bdbb4 148->153 149->148 154 8bdb39-8bdb41 152->154 155 8bdb1d 152->155 156 8bdbba-8bdbcd 153->156 157 8bdbce-8bdbd2 153->157 154->147 155->143 156->157 159 8bdbd8 157->159 160 8bdbf1-8bdbf3 157->160 159->160 161 8bdc0b-8bdc27 call 8bdc2a 160->161 162 8bdbf9 160->162 162->161
      APIs
      • CreateFileA.KERNELBASE(00000000), ref: 008BDB1F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmpDownload File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: OBaP
      • API String ID: 823142352-2258683339
      • Opcode ID: 3020d95359e560d7aa86f4a8de1132b1c7b607aa86e3077ab4ef9bfcf2e7a638
      • Instruction ID: 0737cf43e462686b644f4ed9867f22e62d8d7f6649d541b749a85fa9bf1896cc
      • Opcode Fuzzy Hash: 3020d95359e560d7aa86f4a8de1132b1c7b607aa86e3077ab4ef9bfcf2e7a638
      • Instruction Fuzzy Hash: 6231C7AB14C3557FE3028A185E216F6BF6DFBD3734735846AF485C7243F294490AA231

      Control-flow Graph
      (rendered basic-block graph with an executed / not executed legend; the raw edge list is not reproduced. First block 8bda8d-8bdaaf; CreateFileA is called from block 8bdb1f-8bdb25; subroutine calls to 8bdad8 and 8bdc2a.)
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: OBaP
      • API String ID: 823142352-2258683339
      • Opcode ID: 579a881e34435a2e9c8868df38efb3603af7ac5e8e8843a85ac1e5939afa7d6f
      • Instruction ID: e28f97b760965d53d92f60bbc84c33058d9257dcb213d09c6a74a3b9d7e54760
      • Opcode Fuzzy Hash: 579a881e34435a2e9c8868df38efb3603af7ac5e8e8843a85ac1e5939afa7d6f
      • Instruction Fuzzy Hash: 2B3149EB54C3087EF301DA145A61AF67B6DF7C3734735886AF402CA203F2940E4AA231

      Control-flow Graph
      (rendered basic-block graph with an executed / not executed legend; the raw edge list is not reproduced. First block 8bdabb-8bdac8; CreateFileA is called from block 8bdb1f-8bdb25; subroutine calls to 8bdad8 and 8bdc2a.)
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: OBaP
      • API String ID: 823142352-2258683339
      • Opcode ID: af90e159018cc42f170bdd83652e4a9fbaa47c0c02db34bb6fa92ae10d3961ba
      • Instruction ID: b1df02e38962157e43d68de24ae7adf201d1c62a250ed9d953227ec2a41f61e7
      • Opcode Fuzzy Hash: af90e159018cc42f170bdd83652e4a9fbaa47c0c02db34bb6fa92ae10d3961ba
      • Instruction Fuzzy Hash: CE2127EB54C3443EE3028A585A65AF67B6DF7D3734735886AF402CA343F1944E0AA231

      Control-flow Graph
      (rendered basic-block graph with an executed / not executed legend; the raw edge list is not reproduced. First block 9106b1-9106e1; PathAddExtensionA is called from block 91070c-91071e; subroutine calls to 910352 and 91038b.)
      APIs
      • PathAddExtensionA.KERNELBASE(?,00000000), ref: 00910713
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: ExtensionPath
      • String ID: \\?\
      • API String ID: 158807944-4282027825
      • Opcode ID: bfcf98339ca539d7ca69ffb7502784809c250951ff07b93f8759e56bd95a10ad
      • Instruction ID: ed65db884003c69c23933139faa89a011015cddbabf2580430173b59841d8cb3
      • Opcode Fuzzy Hash: bfcf98339ca539d7ca69ffb7502784809c250951ff07b93f8759e56bd95a10ad
      • Instruction Fuzzy Hash: EF31C535A0060DBEDF219F94DD09BDE7B7ABF84345F0001A5B901A50A5D7B39AE1DF90

      Control-flow Graph
      (rendered basic-block graph with an executed / not executed legend; the raw edge list is not reproduced. First block 8bdb5b-8bdb60; CreateFileA is called from block 8bdb1f-8bdb25; subroutine call to 8bdc2a.)
      APIs
      • CreateFileA.KERNELBASE(00000000), ref: 008BDB1F
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: OBaP
      • API String ID: 823142352-2258683339
      • Opcode ID: 98b70d7d7f01df0b7b0278ee0ddc019ba46fbb08f67dec9fce26a8fc4ff230a3
      • Instruction ID: 48fa343b5f92ab85cdf985ad1f9686172c4fd4403af56af58f05f065328425e9
      • Opcode Fuzzy Hash: 98b70d7d7f01df0b7b0278ee0ddc019ba46fbb08f67dec9fce26a8fc4ff230a3
      • Instruction Fuzzy Hash: B711E9DB54C3497FE3028A145A61AF67F6DF7D3374B36486AF446CA302F1944906A235

      Control-flow Graph
      (rendered basic-block graph with an executed / not executed legend; the raw edge list is not reproduced. First block 911dc0-911dd3; GetModuleHandleExA is called from block 911e16-911e2a; subroutine calls to 9100fe, 910810 and 9101a9.)
      APIs
        • Part of subcall function 009100FE: GetCurrentThreadId.KERNEL32 ref: 0091010D
        • Part of subcall function 009100FE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00910150
      • GetModuleHandleExA.KERNELBASE(?,?,?), ref: 00911E24
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CurrentHandleModuleSleepThread
      • String ID: .dll
      • API String ID: 683542999-2738580789
      • Opcode ID: bd53fc47e3eba39c561febd55d25367e0bd68a28b272fd96aa3e270aecc2a636
      • Instruction ID: 206612a2eac7a7922f1aa5628a1d93628aa7b2631cec1b2624fc2c4119e1ccf9
      • Opcode Fuzzy Hash: bd53fc47e3eba39c561febd55d25367e0bd68a28b272fd96aa3e270aecc2a636
      • Instruction Fuzzy Hash: 5AF09A7630420DFFEB109F94D84ABE93BA5BF98300F108010FE068A052C3B6C8E1EA61

      Control-flow Graph

      [Control-flow graph image (legend: Executed / Not Executed). Basic blocks 911bde-911c57; calls to 9101dc (911bde-911bfc), 911a95 (911c02-911c09), GetModuleFileNameW (911c1a-911c2e), MultiByteToWideChar (911c33-911c49) and 910201 (911c4a-911c4d).]
      APIs
      • GetModuleFileNameW.KERNEL32(?,?,?,-11B95FEC,?,00000000,?,?), ref: 00911C24
      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,-11B95FEC,?,00000000,?,?), ref: 00911C43
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: ByteCharFileModuleMultiNameWide
      • String ID:
      • API String ID: 1532159127-0
      • Opcode ID: b248c02d7809d556f24fe310cce5d88c2b240b734ea612691750eeeeb06086c5
      • Instruction ID: 92683e9fb014f7e10b68dabd63a01268d57fe81126e283a2c2bf92f07c3b3ed4
      • Opcode Fuzzy Hash: b248c02d7809d556f24fe310cce5d88c2b240b734ea612691750eeeeb06086c5
      • Instruction Fuzzy Hash: E701C83260424EFBCF119F94CD09B9E7F71FF84310F208565F611651A0C77186A1AB40

      Control-flow Graph

      [Control-flow graph image (legend: Executed / Not Executed). Basic blocks 9100fe-91016a; GetCurrentThreadId at 9100fe-910114, then a loop starting at 910116 that calls Sleep at 91014c-910158 and branches back to 910116, exiting to 91015d-91016a.]
      APIs
      • GetCurrentThreadId.KERNEL32 ref: 0091010D
      • Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00910150
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CurrentSleepThread
      • String ID:
      • API String ID: 1164918020-0
      • Opcode ID: d5db0c771cfd70a7dfc92d7469306e77fdadeb4c296388e486b89a9b06bf6394
      • Instruction ID: 236f7e34972de5a1be36ce876edda21d02afa0b9da5293e7b10f5f341cbf5587
      • Opcode Fuzzy Hash: d5db0c771cfd70a7dfc92d7469306e77fdadeb4c296388e486b89a9b06bf6394
      • Instruction Fuzzy Hash: D9F0B47270460DFBDB229F54D9447AE72B8FFC2309F600079D10289550D7FA29C6DAC1

      Control-flow Graph

      [Control-flow graph image (legend: Executed / Not Executed). Basic blocks 912838-912971; calls to 9101dc (91284f-912863 and 912878-912881), 91201a (912887-912898), 9170a2 (9128a8-9128b4), 90ff1e (912924-91293b), 911f17 (912941-91294c), 911ea9 (912951-912959) and 910201 (91295e-912961); CreateFileA at 9128b8-9128f7.]
      APIs
      • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000010), ref: 009128ED
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: ef69f9492db5910f7bb0ec4927b829503f9ef8cb574309222de65f5f57bc497d
      • Instruction ID: 2dbf96bc4b008cebe01be12a08aaeb41f47185640fc2ad455fc6afe4cd6b22f7
      • Opcode Fuzzy Hash: ef69f9492db5910f7bb0ec4927b829503f9ef8cb574309222de65f5f57bc497d
      • Instruction Fuzzy Hash: 0F31C271A00209FFEB20AF64DD45FDDBBB8FF84314F208269F915AA191D3B59A91CB50
      APIs
      • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000), ref: 009120D6
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 3f3e5eb1cc287a7afdcc1c483342b1822a2a5bef2fe6faf88e10fcd9ef98a936
      • Instruction ID: 34536aa0d6b3dd1e3bf722207a1462e76dc81d382e6cc954e416f68ca9e5049a
      • Opcode Fuzzy Hash: 3f3e5eb1cc287a7afdcc1c483342b1822a2a5bef2fe6faf88e10fcd9ef98a936
      • Instruction Fuzzy Hash: A931DF71B00208BAEB20AF64EC46FD9BBBCEB84724F204265F715AA1D1D3F1A591CB50
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: caddaeeffb05387177a2c9d0ddb40c8218a930eacb2cd241ea93cb00d2f706ae
      • Instruction ID: f3e0e785b0a3b2c1cc0e6c97d3b818aefcf786488d955e91f2f1ea3062216154
      • Opcode Fuzzy Hash: caddaeeffb05387177a2c9d0ddb40c8218a930eacb2cd241ea93cb00d2f706ae
      • Instruction Fuzzy Hash: C911747250974EAFCB00EF7484543DE3BA0FF8A310F200869E881CB781E2B19C10DB51
      APIs
      • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 05520DCD
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ManagerOpen
      • String ID:
      • API String ID: 1889721586-0
      • Opcode ID: a655b9595786675a2f32b824b25fafe5b6462d3a9ffbeca8232f6e65932bfab4
      • Instruction ID: 9f53a1aaa9b4238219040a24e0cdec199ac0204ee5c85b01ccb02c309072e3b3
      • Opcode Fuzzy Hash: a655b9595786675a2f32b824b25fafe5b6462d3a9ffbeca8232f6e65932bfab4
      • Instruction Fuzzy Hash: EE2135B6C022199FDB10CF99D984BDEFBF4FF89720F14811AE809AB254C734A540CBA4
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: same 44 associated memory regions as listed for the 00730000 dump above
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 5f111f31e2345c18de42f7173e8ef2b599c75e996afbf5fb77ce163814b903a0
      • Instruction ID: 317642d5ae6b4af21fdbc7fd8c2ebb12051e62e4cd65f885cf27a9f58253408a
      • Opcode Fuzzy Hash: 5f111f31e2345c18de42f7173e8ef2b599c75e996afbf5fb77ce163814b903a0
      • Instruction Fuzzy Hash: DE1102F6808749BEDB01CF619451AEA7760FBA5B64F20045EE482CF341F67288408761
      APIs
      • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 05520DCD
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ManagerOpen
      • String ID:
      • API String ID: 1889721586-0
      • Opcode ID: 9e5a9a04a0be4a3c2d8417526e744edecf2e856857cd6be90d0cbdffd6813a21
      • Instruction ID: 1746c3ec38b1e114402849bd2df1cd2a263887e666167d72e7f53ac5c745f88f
      • Opcode Fuzzy Hash: 9e5a9a04a0be4a3c2d8417526e744edecf2e856857cd6be90d0cbdffd6813a21
      • Instruction Fuzzy Hash: 642144B6C022199FDB10CF99D884BDEFBF4FF89720F14811AD809AB294C734A540CBA4
      APIs
      • ControlService.ADVAPI32(?,?,?), ref: 05521580
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ControlService
      • String ID:
      • API String ID: 253159669-0
      • Opcode ID: 98a2732a5beb85c5ab0a576a68b83a7aca2e0f686aebc97e6768e39ec2646f21
      • Instruction ID: 80350a724bc07d8547910ed4f295b31191eefd05085d026ede56d74292d88686
      • Opcode Fuzzy Hash: 98a2732a5beb85c5ab0a576a68b83a7aca2e0f686aebc97e6768e39ec2646f21
      • Instruction Fuzzy Hash: BE11E4B1D006499FDB10CF9AC584BDEFBF4FB88320F148069E559A7250D778AA44CFA5
      APIs
      • ControlService.ADVAPI32(?,?,?), ref: 05521580
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ControlService
      • String ID:
      • API String ID: 253159669-0
      • Opcode ID: f20409af752fae8cc29f9e04823ae37bef6f81e335c54a9fdfb8e4c2978020bf
      • Instruction ID: 10765fb7ce883c366cfa34715af734518da15786452931e269f661d831ee4949
      • Opcode Fuzzy Hash: f20409af752fae8cc29f9e04823ae37bef6f81e335c54a9fdfb8e4c2978020bf
      • Instruction Fuzzy Hash: 072103B5D006498FDB10CF9AC584BDEFBF4BB48320F14842AE559A7250D778A644CFA5
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: same 44 associated memory regions as listed for the 00730000 dump above
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: dd7fd4fc4e6c0404fb956d221357ea7ed0fcab1bead14046eaf9ca6b0459c22f
      • Instruction ID: 3d45f455522f747b3d5360b1f45ef8fca9bd4cec68fa981adac8d33bb89243bb
      • Opcode Fuzzy Hash: dd7fd4fc4e6c0404fb956d221357ea7ed0fcab1bead14046eaf9ca6b0459c22f
      • Instruction Fuzzy Hash: 520121F6409709BEA700CF5199109FB7BA8FAAA720B30086AE882DF300F5609D04A671
      APIs
      • ImpersonateLoggedOnUser.KERNELBASE ref: 05521367
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ImpersonateLoggedUser
      • String ID:
      • API String ID: 2216092060-0
      • Opcode ID: a91af94305c3ea3b1d41c957d05149cf17c4a828f14e6d7f31fc6ceb78757c49
      • Instruction ID: 13380c86b618efbfe3727a71a7f6d41188f1fc21cb83ff9830700fb01ddd80b7
      • Opcode Fuzzy Hash: a91af94305c3ea3b1d41c957d05149cf17c4a828f14e6d7f31fc6ceb78757c49
      • Instruction Fuzzy Hash: 231113B1800649CFDB10CF9AC585BDEFBF4EF48724F24846AD558A3250D778A544CFA5
      APIs
      • ImpersonateLoggedOnUser.KERNELBASE ref: 05521367
      Memory Dump Source
      • Source File: 00000001.00000002.2385167902.0000000005520000.00000040.00000800.00020000.00000000.sdmp, Offset: 05520000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_5520000_VajVW1leCd.jbxd
      Similarity
      • API ID: ImpersonateLoggedUser
      • String ID:
      • API String ID: 2216092060-0
      • Opcode ID: 23b905cad5e6f8d2f1ded2c006701b267e47565518ebda54c119fe5dc888c818
      • Instruction ID: 5e6012727a4ea86df3349a27af47f234edfb035eff61515d3fbd812e9e6f7a7c
      • Opcode Fuzzy Hash: 23b905cad5e6f8d2f1ded2c006701b267e47565518ebda54c119fe5dc888c818
      • Instruction Fuzzy Hash: FC1122B1800649CFEB10CF9AC544BDEFBF8EB88720F24846AD558A3250C778A944CBA5
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: same 44 associated memory regions as listed for the 00730000 dump above
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: f9575ba5a71b1b429e3b8342502e1894b1880170b757b459038a6910c7730d2f
      • Instruction ID: d2bf5a6acdef9d695eed02c87aeeab69a2707a4917593f543d734bb080c61b4a
      • Opcode Fuzzy Hash: f9575ba5a71b1b429e3b8342502e1894b1880170b757b459038a6910c7730d2f
      • Instruction Fuzzy Hash: 98F028F640D709BED700CF6194514FE77A8FAA9720B30085AE886DF300F53098449671
      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: same 44 associated memory regions as listed for the 00730000 dump above
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 377ed6d00080346d4edce9939604f92342e07a6b46cf201de9302133178f9ab4
      • Instruction ID: b702fd3d590ba201238e4f7fd02bfa3db472ba1f92128e0c236ab01c3675b556
      • Opcode Fuzzy Hash: 377ed6d00080346d4edce9939604f92342e07a6b46cf201de9302133178f9ab4
      • Instruction Fuzzy Hash: 47017DB108D306BFE3518E348C117DAB798FF52338F29455EE0C4C7592D2294C06C725
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: f71d88fb2a1f7e4aaec9c8aea095a3e86208377ede533982d4052db139b35316
      • Instruction ID: 2101ed15f23b7c1a4e352620217ac7dcb01d32ee4245f1771d5532df2099cd02
      • Opcode Fuzzy Hash: f71d88fb2a1f7e4aaec9c8aea095a3e86208377ede533982d4052db139b35316
      • Instruction Fuzzy Hash: A3F028F6409705BFD744CFA294509FA77E4FBAD710B200459E886DF300E630DC409AA1
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 14065be73d92b679430ff93bd02f77bacf7d70c41c717294ddbd3cc13accd1eb
      • Instruction ID: 82ab298464bdf152bd7145221600e3b7a6af4a3c87742feabb472b90abf1f549
      • Opcode Fuzzy Hash: 14065be73d92b679430ff93bd02f77bacf7d70c41c717294ddbd3cc13accd1eb
      • Instruction Fuzzy Hash: 3EF022F640AB447EEB44CF6189900EE77E0FBA9730F20455EE8968B2C1E6718C04A621
      APIs
      • CreateFileA.KERNELBASE(?,?,?,008BDDD5,00000003,00000000), ref: 008BDE7F
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 2bad72578ec08e724283175b5e989c422b75d2d922963dc52f225eef245454f0
      • Instruction ID: 91cd6e127ecac2a3133cd4c5c1afc0243a826f0cac28971d95d0d07bb9f96688
      • Opcode Fuzzy Hash: 2bad72578ec08e724283175b5e989c422b75d2d922963dc52f225eef245454f0
      • Instruction Fuzzy Hash: 7EF0E2B6408B09BEDB40CFA195504BA77A8FBDE720B20485EE886CF340E6305D409B61
      APIs
      • GetProcAddress.KERNEL32(009111EA,009111EA), ref: 00911A7F
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: AddressProc
      • String ID:
      • API String ID: 190572456-0
      • Opcode ID: b5bc8cf5e2a2c7595b12b2eea830aef87747a5dd105f14d17f5489f457fa2756
      • Instruction ID: 87a29beb2ed3828f80e9e619cdcfb04c72b739998d585a9d6a582c8d18e66fe5
      • Opcode Fuzzy Hash: b5bc8cf5e2a2c7595b12b2eea830aef87747a5dd105f14d17f5489f457fa2756
      • Instruction Fuzzy Hash: EBE0123534504DBADF117F74DD05ADD2E26AED43D07008422FA0754061DB76C6D1E761
      APIs
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: lstrcmpi
      • String ID:
      • API String ID: 1586166983-0
      • Opcode ID: aeec99fdcfb7c4d4a86d5cac5aa993203b5724745a49b3350a92f82ca2ba92ce
      • Instruction ID: 017b3631893a7e9c7689dab49af715c9c26b586fdc4a01bae911da6c66a6dca4
      • Opcode Fuzzy Hash: aeec99fdcfb7c4d4a86d5cac5aa993203b5724745a49b3350a92f82ca2ba92ce
      • Instruction Fuzzy Hash: 2301D631A0010DBFCF129FA5DC05EDEBB7AEF84341F0041A1A415A8060D77286A2DB61
      APIs
      • VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00917DA7,?,?,00917AAD,?,?,00917AAD,?,?,00917AAD), ref: 00917DCB
      Memory Dump Source
      • Source File: 00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: 00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382720516.0000000000732000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382789729.0000000000744000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382802003.0000000000745000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382816910.0000000000746000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382919799.00000000008A4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382935851.00000000008A6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382952110.00000000008C1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382977520.00000000008CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2382988639.00000000008CB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383016498.00000000008DE000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383031283.00000000008E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383052801.00000000008F4000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383086486.0000000000913000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383132636.000000000091A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383154492.000000000092E000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383168795.0000000000930000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383185038.0000000000931000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383202071.0000000000936000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383216248.0000000000937000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383229823.000000000093F000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383243133.0000000000940000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383258978.0000000000944000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383273311.000000000094D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383289615.0000000000952000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383338350.000000000095A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383356045.000000000095E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383372159.000000000095F000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383437661.0000000000962000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383456053.000000000096A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383504468.00000000009A0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383517802.00000000009A1000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383625996.00000000009C8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383640783.00000000009C9000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009CA000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383655887.00000000009D0000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383687136.00000000009E0000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000001.00000002.2383701727.00000000009E2000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: 31d71c9003db696e594a33224acb9b5d67faf0f2cbff7f588855a8a4e73a6f9c
      • Instruction ID: 0bd5c4344b293950a853a819f6cff843da810ecc7df436f1f066bf3da650263d
      • Opcode Fuzzy Hash: 31d71c9003db696e594a33224acb9b5d67faf0f2cbff7f588855a8a4e73a6f9c
      • Instruction Fuzzy Hash: 2AF086B1A0420ADFD7258F54CD05B99FBF4FF49762F208055F4469B591E3B198C18B90
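The report encodes two things a reader has to decode by hand: the protection of every dumped region of the 00730000 image is the fifth field of each .sdmp name above (00000040 = PAGE_EXECUTE_READWRITE, 00000080 = PAGE_EXECUTE_WRITECOPY, the writable-and-executable pages behind the "changes PE section rights" unpacking signature), and the VirtualAlloc line prints the call's first four stack arguments, so VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,...) at 00917DCB is VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE). The following Python is an added helper, not part of the Joe Sandbox report or its tooling; the eight-field layout of the .sdmp names (4th field = base address, 5th = page protection, other fields opaque) is an assumption read off the names on this page, while the PAGE_* and MEM_* constants are the documented winnt.h values. The sample names are copied from the listing above.

```python
"""Decoders for two artefacts in this report: the .sdmp memory-dump names in
each "Memory Dump Source" block and the VirtualAlloc argument tuples in each
"APIs" block.

Assumed name layout (an assumption about Joe Sandbox's naming, not stated on
the page): eight dot-separated fields, the 4th being the region's base address
and the 5th its page protection. The remaining fields are kept as opaque text.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# winnt.h page-protection constants (low byte of the protection value)
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_GUARD = 0x100
WRITE_EXEC = {0x40, 0x80}  # writable and executable at once: the unpacking tell

# winnt.h VirtualAlloc flAllocationType flags
ALLOC_TYPE = {
    0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
    0x100000: "MEM_TOP_DOWN", 0x200000: "MEM_WRITE_WATCH",
    0x400000: "MEM_PHYSICAL", 0x20000000: "MEM_LARGE_PAGES",
}

SDMP_RE = re.compile(
    r"^(?P<proc>\d{8})\.(?P<stage>\d{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\."
    r"(?P<f6>[0-9A-Fa-f]{8})\.(?P<f7>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)


def protect_name(value: int) -> str:
    """Render a PAGE_* value; an unknown low byte is shown as hex."""
    name = PAGE_PROTECT.get(value & 0xFF, f"0x{value & 0xFF:02X}")
    if value & PAGE_GUARD:
        name += "|PAGE_GUARD"
    return name


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int
    protect: int

    @property
    def protect_name(self) -> str:
        return protect_name(self.protect)

    @property
    def write_exec(self) -> bool:
        return (self.protect & 0xFF) in WRITE_EXEC


def parse_sdmp_name(name: str) -> Optional[DumpRegion]:
    """Decode one .sdmp name; None if the string does not follow the layout."""
    m = SDMP_RE.match(name.strip())
    if not m:
        return None
    return DumpRegion(name=m.group(0), base=int(m["base"], 16),
                      protect=int(m["protect"], 16))


def write_exec_regions(names: List[str]) -> List[Tuple[int, str]]:
    """(base, protection) of every region dumped with a W+X protection, ascending."""
    regions = [r for r in map(parse_sdmp_name, names) if r and r.write_exec]
    return sorted((r.base, r.protect_name) for r in regions)


def decode_virtualalloc(lp_address: int, dw_size: int,
                        fl_allocation_type: int, fl_protect: int) -> dict:
    """Name the flags of VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect),
    i.e. the first four stack arguments the report prints for the call."""
    flags = [n for bit, n in ALLOC_TYPE.items() if fl_allocation_type & bit]
    return {
        "address": lp_address, "size": dw_size, "alloc": flags,
        "protect": protect_name(fl_protect),
        "write_watch": bool(fl_allocation_type & 0x200000),  # MEM_WRITE_WATCH
        "rwx": (fl_protect & 0xFF) in WRITE_EXEC,
    }


# Constructed sample: four names copied from the listing above (the other
# regions follow the same pattern) plus one deliberately malformed entry.
SAMPLE_NAMES = [
    "00000001.00000002.2382705706.0000000000730000.00000004.00000001.01000000.00000003.sdmp",
    "00000001.00000002.2382738860.0000000000736000.00000008.00000001.01000000.00000003.sdmp",
    "00000001.00000002.2383103336.0000000000917000.00000040.00000001.01000000.00000003.sdmp",
    "00000001.00000002.2383116930.0000000000918000.00000080.00000001.01000000.00000003.sdmp",
    "not-a-dump-file.txt",
]

if __name__ == "__main__":
    for base, prot in write_exec_regions(SAMPLE_NAMES):
        print(f"{base:08X}  {prot}")
    # The call at 00917DCB: VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE)
    print(decode_virtualalloc(0, 0x1000, 0x1000, 0x04))
```

Run over the full listing, the decoder shows the 00730000 image alternating between PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY pages from 00732000 upwards, which is what the "Detected unpacking (changes PE section rights)" signature in the overview is built on; the `write_watch` key is the argument-level check for the separate "Allocates memory with a write watch" signature, which the call at 00917DCB does not trigger.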
      APIs
      • VirtualAlloc.KERNELBASE(00000000), ref: 0073F09B
      Memory Dump Source
      • Source File: 00000001.00000002.2382765783.000000000073A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: every other dumped region of the 00730000 image, the same set as in the first Memory Dump Source listing above (this block's source file excluded)
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: b2b3116bb858aa0331e8bc3ada80679fa380fb061f3b561528575a055d6ac39e
      • Instruction ID: 5fe1dd9d28225dc5843ad33d383aa9b780d2fb3960274e045053bc1cc39af9ea
      • Opcode Fuzzy Hash: b2b3116bb858aa0331e8bc3ada80679fa380fb061f3b561528575a055d6ac39e
      • Instruction Fuzzy Hash: 6FF0DAF040C604DFE344AF28C8896BEBBF9EF84741F51892DD5C68A655DA780840CA13
      APIs
        • Part of subcall function 009100FE: GetCurrentThreadId.KERNEL32 ref: 0091010D
        • Part of subcall function 009100FE: Sleep.KERNELBASE(00000005,00050000,00000000), ref: 00910150
      • CloseHandle.KERNELBASE(00912815,-11B95FEC,?,?,00912815,?), ref: 00912E90
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: every other dumped region of the 00730000 image, the same set as in the first Memory Dump Source listing above (this block's source file excluded)
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CloseCurrentHandleSleepThread
      • String ID:
      • API String ID: 4003616898-0
      • Opcode ID: fe0784c4dceaff5615333f0fb6757fc8dda69e6a3a38082a42b1c98372be8b5d
      • Instruction ID: 33fcf20f8eaf5dee96ed22ae7e856d3a987ba00741b853b1780e53761468cf28
      • Opcode Fuzzy Hash: fe0784c4dceaff5615333f0fb6757fc8dda69e6a3a38082a42b1c98372be8b5d
      • Instruction Fuzzy Hash: BEE04F6634408EBAEE207B78E809EDE2A29AFD47807000522B54685441DBA9C4E2D2A0
      APIs
      • CloseHandle.KERNELBASE(?,?,0090FF9D,?,?), ref: 00911F1D
      Memory Dump Source
      • Source File: 00000001.00000002.2383070105.0000000000907000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: every other dumped region of the 00730000 image, the same set as in the first Memory Dump Source listing above (this block's source file excluded)
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID: CloseHandle
      • String ID:
      • API String ID: 2962429428-0
      • Opcode ID: 2550dcfd3ceb9737519cfa1498502e2456488131446cb5edde433cdb1caf9ecc
      • Instruction ID: 64398b2a9df24000992450e1e67fe4baa834fbe3d9979edd56919af8a2478cf7
      • Opcode Fuzzy Hash: 2550dcfd3ceb9737519cfa1498502e2456488131446cb5edde433cdb1caf9ecc
      • Instruction Fuzzy Hash: 47B0923150010CBBCB01BF91EC0688EBF69BF91398B108120BA1648421ABB2E9A59BD0
      Strings
      Memory Dump Source
      • Source File: 00000001.00000002.2383479426.000000000096C000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      • Associated: every other dumped region of the 00730000 image, the same set as in the first Memory Dump Source listing above (this block's source file excluded)
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID:
      • String ID: =q
      • API String ID: 0-545116781
      • Opcode ID: 78c4b9ab2e81868a9bcd80cc921efba0bd445a8aaae60ff02eb7e5e2febdf6ce
      • Instruction ID: 1f2d7c1f5113d49133c53159e25968f33706636a67fa5c403a11200036421510
      • Opcode Fuzzy Hash: 78c4b9ab2e81868a9bcd80cc921efba0bd445a8aaae60ff02eb7e5e2febdf6ce
      • Instruction Fuzzy Hash: C55173B380E228CBC3007A699D04A36F7E9ABD4310F27893AD9C687B84E5795D00D3C2
      Memory Dump Source
      • Source File: 00000001.00000002.2382952110.00000000008B7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_1_2_730000_VajVW1leCd.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 102db138ada3ac9da69c5dcd25208163fa04891466b5c92af9a86b193db25903
      • Instruction ID: eeba9c61afdc9cec75b8b8045058ab8a13299172621b37f88fd93e0a4e24fcf5
      • Opcode Fuzzy Hash: 102db138ada3ac9da69c5dcd25208163fa04891466b5c92af9a86b193db25903
      • Instruction Fuzzy Hash: 6BD0ECAA2882A13EE212C2156B25AE9BB2DF782730B314427F156D6542E2C45A0E9172