Windows Analysis Report
4JpRlHS5uF.exe

Overview

General Information

Sample name: 4JpRlHS5uF.exe (renamed because original name is a hash value)
Original sample name: 5a59142c418a1913fb65a008b64b0d87.exe
Analysis ID: 1579740
MD5: 5a59142c418a1913fb65a008b64b0d87
SHA1: cc5eab334e3bcf7a24f1a245ac813765c821d3de
SHA256: 08f893c18fb3d1d85e9ab5b5a8ff2843c4b7d20561287a70de23cb776c99d6a9
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Entry point lies outside standard sections
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

  • System is w10x64
  • 4JpRlHS5uF.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\4JpRlHS5uF.exe" MD5: 5A59142C418A1913FB65A008B64B0D87)
    • WerFault.exe (PID: 7804 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1156 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 4JpRlHS5uF.exe - Avira: detected
Source: 4JpRlHS5uF.exe - ReversingLabs: Detection: 68%
Source: 4JpRlHS5uF.exe - Virustotal: Detection: 51%
Source: Submitted Sample - Integrated Neural Analysis Model: Matched 100.0% probability
Source: 4JpRlHS5uF.exe - Joe Sandbox ML: detected
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp - Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_8b7b7ef1-d
Source: 4JpRlHS5uF.exe - Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global traffic - HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: Joe Sandbox View - IP Address: 34.226.108.155
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic - DNS traffic detected: DNS query: httpbin.org
Source: global traffic - DNS traffic detected: DNS query: home.fivetk5ht.top
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: http://.css
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: http://.jpg
Source: 4JpRlHS5uF.exe, 00000000.00000002.2140530927.00000000018E1000.00000004.00000020.00020000.00000000.sdmp - String found in binary or memory: http://home.fivetk5ht.top/zldPR
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: 4JpRlHS5uF.exe, 00000000.00000002.2140530927.000000000185E000.00000004.00000020.00020000.00000000.sdmp, 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000002.2140530927.00000000018E1000.00000004.00000020.00020000.00000000.sdmp - String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp - String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: 4JpRlHS5uF.exe, 00000000.00000002.2140530927.000000000185E000.00000004.00000020.00020000.00000000.sdmp - String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851lse
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.3.dr - String found in binary or memory: http://upx.sf.net
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: https://curl.se/docs/hsts.html
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: https://httpbin.org/ip
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown - Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown - Network traffic detected: HTTP traffic on port 49730 -> 443

System Summary

Source: 4JpRlHS5uF.exe - Static PE information: section name:
Source: 4JpRlHS5uF.exe - Static PE information: section name: .idata
Source: 4JpRlHS5uF.exe - Static PE information: section name:
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Code function: 0_2_071401F1
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1156
Source: 4JpRlHS5uF.exe - Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 4JpRlHS5uF.exe - Static PE information: Section: yefovael ZLIB complexity 0.9944293525542873
Source: classification engine - Classification label: mal100.evad.winEXE@2/5@14/1
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe - Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7532
Source: C:\Windows\SysWOW64\WerFault.exe - File created: C:\ProgramData\Microsoft\Windows\WER\Temp\e0fbacd1-f1a6-41f9-8e4c-4f7cd22f20cd
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - File read: C:\Windows\System32\drivers\etc\hosts
Source: 4JpRlHS5uF.exe - String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown - Process created: C:\Users\user\Desktop\4JpRlHS5uF.exe "C:\Users\user\Desktop\4JpRlHS5uF.exe"
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: winmm.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: wldp.dll
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Section loaded: windowscodecs.dll
Source: 4JpRlHS5uF.exe - Static file information: File size 4495360 > 1048576
Source: 4JpRlHS5uF.exe - Static PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: 4JpRlHS5uF.exe - Static PE information: Raw size of yefovael is bigger than: 0x100000 < 0x1c1000

Data Obfuscation

Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Unpacked PE file: 0.2.4JpRlHS5uF.exe.510000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yefovael:EW;eavrkykj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yefovael:EW;eavrkykj:EW;.taggant:EW;
Source: initial sample - Static PE information: section where entry point is pointing to: .taggant
Source: 4JpRlHS5uF.exe - Static PE information: real checksum: 0x44a521 should be: 0x44e990
Source: 4JpRlHS5uF.exe - Static PE information: section name: yefovael
Source: 4JpRlHS5uF.exe - Static PE information: section name: eavrkykj
Source: 4JpRlHS5uF.exe - Static PE information: section name: .taggant
Source: 4JpRlHS5uF.exe - Static PE information: section name: yefovael entropy: 7.955475326711672

Boot Survival

Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe - Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe - Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe - File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - Binary or memory string: PROCMON.EXE
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - Binary or memory string: X64DBG.EXE
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - Binary or memory string: WINDBG.EXE
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp - Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E092E8 second address: E092ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DCAB8B second address: DCAB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DCAB8F second address: DCAB93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E0DCB2 second address: E0DCB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E11067 second address: E1106D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1106D second address: E110AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FC1D4F1386Ch 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007FC1D4F13876h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC1D4F13872h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E110AF second address: E110B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E116C6 second address: E116CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E11C14 second address: E11C1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E11CD6 second address: E11D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, ebx 0x00000006 push 00000000h 0x00000008 push eax 0x00000009 call 00007FC1D4F13868h 0x0000000e pop eax 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc eax 0x0000001c push eax 0x0000001d ret 0x0000001e pop eax 0x0000001f ret 0x00000020 jmp 00007FC1D4F13874h 0x00000025 nop 0x00000026 pushad 0x00000027 push edi 0x00000028 pushad 0x00000029 popad 0x0000002a pop edi 0x0000002b jmp 00007FC1D4F13873h 0x00000030 popad 0x00000031 push eax 0x00000032 push edi 0x00000033 push eax 0x00000034 push edx 0x00000035 jc 00007FC1D4F13866h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E11E85 second address: E11E8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E11F58 second address: E11F6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F1386Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E12062 second address: E12066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E12066 second address: E1206A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1206A second address: E12070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E12070 second address: E12075 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E12184 second address: E12188 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E12188 second address: E1218E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1223E second address: E12242 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1228D second address: E122F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FC1D4F13868h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov edi, 28F05F9Eh 0x0000002b mov edi, edx 0x0000002d xchg eax, ebx 0x0000002e jmp 00007FC1D4F13873h 0x00000033 push eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 push edi 0x00000038 pop edi 0x00000039 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DC25BC second address: DC25C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC1D4CF3C26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DC25C8 second address: DC25D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DC25D2 second address: DC25D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DC25D8 second address: DC2602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC1D4F13876h 0x0000000b popad 0x0000000c jmp 00007FC1D4F1386Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E15787 second address: E15791 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC1D4CF3C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E15E99 second address: E15E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1BFEE second address: E1BFF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1BFF2 second address: E1BFF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1BFF6 second address: E1BFFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1BFFC second address: E1C001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1C001 second address: E1C072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jg 00007FC1D4CF3C26h 0x00000014 mov dx, AB5Fh 0x00000018 popad 0x00000019 sub dword ptr [ebp+12A21A82h], ecx 0x0000001f popad 0x00000020 jc 00007FC1D4CF3C32h 0x00000026 jnc 00007FC1D4CF3C2Ch 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+12A234E6h], ebx 0x00000034 push 00000000h 0x00000036 sbb si, C84Bh 0x0000003b xchg eax, ebx 0x0000003c jmp 00007FC1D4CF3C2Eh 0x00000041 push eax 0x00000042 pushad 0x00000043 jmp 00007FC1D4CF3C37h 0x00000048 push eax 0x00000049 push edx 0x0000004a jne 00007FC1D4CF3C26h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1CB0A second address: E1CB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jg 00007FC1D4F13866h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1CB1B second address: E1CB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1C8E1 second address: E1C8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1CB24 second address: E1CB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1C8EC second address: E1C8F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1E5D3 second address: E1E5D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1D411 second address: E1D417 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1D417 second address: E1D41C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1EDBF second address: E1EDED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC1D4F1386Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E20E7C second address: E20E80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E1EDED second address: E1EDF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E20E80 second address: E20E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC1D4CF3C2Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E233B3 second address: E233C0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC1D4F13866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E233C0 second address: E233FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4CF3C35h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FC1D4CF3C3Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E24509 second address: E2452A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FC1D4F13879h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E23607 second address: E23618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FC1D4CF3C26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2452A second address: E245C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007FC1D4F13868h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov bh, ah 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push esi 0x00000028 call 00007FC1D4F13868h 0x0000002d pop esi 0x0000002e mov dword ptr [esp+04h], esi 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc esi 0x0000003b push esi 0x0000003c ret 0x0000003d pop esi 0x0000003e ret 0x0000003f push 00000000h 0x00000041 pushad 0x00000042 mov dword ptr [ebp+12BD00ABh], edx 0x00000048 mov edx, dword ptr [ebp+12A22A3Bh] 0x0000004e popad 0x0000004f jmp 00007FC1D4F13879h 0x00000054 push eax 0x00000055 pushad 0x00000056 jnl 00007FC1D4F1387Dh 0x0000005c pushad 0x0000005d pushad 0x0000005e popad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E23618 second address: E2361C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E246DB second address: E246DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2361C second address: E23622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E256E0 second address: E256E9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E256E9 second address: E25732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov bx, 4400h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007FC1D4CF3C28h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b push 00000000h 0x0000002d jnp 00007FC1D4CF3C29h 0x00000033 mov bx, di 0x00000036 jmp 00007FC1D4CF3C2Ah 0x0000003b push eax 0x0000003c push esi 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E26654 second address: E2665A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2665A second address: E26666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E26666 second address: E2666A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2666A second address: E2668D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC1D4CF3C2Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E275ED second address: E275F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E275F2 second address: E275F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E28606 second address: E2860A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2860A second address: E28639 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C30h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC1D4CF3C34h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E29699 second address: E296A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E296A6 second address: E29754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnl 00007FC1D4CF3C2Ch 0x0000000b popad 0x0000000c nop 0x0000000d mov edi, ebx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FC1D4CF3C28h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b push ebx 0x0000002c jng 00007FC1D4CF3C2Ch 0x00000032 sub dword ptr [ebp+12BCBF86h], eax 0x00000038 pop edi 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007FC1D4CF3C28h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 jmp 00007FC1D4CF3C30h 0x0000005a xor ebx, dword ptr [ebp+12A22A27h] 0x00000060 xchg eax, esi 0x00000061 jmp 00007FC1D4CF3C2Fh 0x00000066 push eax 0x00000067 jns 00007FC1D4CF3C4Bh 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007FC1D4CF3C30h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2B804 second address: E2B823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC1D4F13876h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E298E6 second address: E298EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299A0 second address: E299AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299AC second address: E299B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299B0 second address: E299B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299B4 second address: E299BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299BA second address: E299C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E299C0 second address: E299C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2F966 second address: E2F972 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E2FB25 second address: E2FB33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E341A1 second address: E341C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F1386Fh 0x00000007 je 00007FC1D4F13872h 0x0000000d jnc 00007FC1D4F13866h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B5F8 second address: E3B604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC1D4CF3C26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B604 second address: E3B609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B609 second address: E3B60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B60F second address: E3B615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B615 second address: E3B619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3AF49 second address: E3AF50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3AF50 second address: E3AF60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC1D4CF3C2Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B0F6 second address: E3B102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC1D4F13866h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E3B23D second address: E3B24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007FC1D4CF3C26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E40AD8 second address: E40AEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC1D4F1386Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E40C93 second address: E40C99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E40C99 second address: E40CAE instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC1D4F13868h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E40CAE second address: E40CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E4598E second address: E45993 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E44690 second address: E44695 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E44695 second address: E4469B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E782BE second address: E782C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E782C4 second address: E782C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E782C9 second address: E7831E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC1D4F13891h 0x00000008 jmp 00007FC1D4F13876h 0x0000000d jmp 00007FC1D4F13875h 0x00000012 push ecx 0x00000013 jmp 00007FC1D4F13870h 0x00000018 pop ecx 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC1D4F1386Bh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E7831E second address: E78358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC1D4CF3C33h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E788D0 second address: E788D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E7912F second address: E79139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC1D4CF3C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E79139 second address: E7913D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E830D5 second address: E830EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC1D4CF3C2Bh 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E830EA second address: E830EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E82441 second address: E82449 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E82719 second address: E8271F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8271F second address: E82741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FC1D4CF3C38h 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E847B4 second address: E847B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E847B8 second address: E847CA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FC1D4CF3C2Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E847CA second address: E847D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E847D0 second address: E847E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4CF3C2Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E847E1 second address: E847FD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007FC1D4F13870h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8C43F second address: E8C443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8C443 second address: E8C447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8C447 second address: E8C459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4CF3C2Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8C459 second address: E8C48F instructions: 0x00000000 rdtsc 0x00000002 js 00007FC1D4F13872h 0x00000008 jne 00007FC1D4F13866h 0x0000000e jc 00007FC1D4F13866h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jmp 00007FC1D4F13870h 0x0000001c jp 00007FC1D4F1386Ch 0x00000022 jne 00007FC1D4F13866h 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8A769 second address: E8A789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC1D4CF3C26h 0x0000000a popad 0x0000000b jmp 00007FC1D4CF3C32h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AD14 second address: E8AD1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC1D4F13866h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AD1F second address: E8AD25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AD25 second address: E8AD29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AD29 second address: E8AD35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AEB1 second address: E8AEBB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC1D4F13872h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AEBB second address: E8AEC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8AFFC second address: E8B006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8B1AE second address: E8B1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007FC1D4CF3C26h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8BB85 second address: E8BBA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC1D4F13866h 0x00000009 jmp 00007FC1D4F13870h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8BBA2 second address: E8BBAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8A1FA second address: E8A215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FC1D4F13874h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E8A215 second address: E8A229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC1D4CF3C2Dh 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E937CC second address: E937D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC1D4F13866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E937D6 second address: E937DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E93925 second address: E93929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E93929 second address: E9392F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E9392F second address: E93946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FC1D4F1386Eh 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E95488 second address: E954A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C36h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954A2 second address: E954AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954AE second address: E954B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954B2 second address: E954B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954B6 second address: E954C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC1D4CF3C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954C2 second address: E954C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954C7 second address: E954CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954CF second address: E954DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 js 00007FC1D4F1386Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: E954DF second address: E954F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC1D4CF3C28h 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EA59F5 second address: EA5A3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FC1D4F1386Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC1D4F1386Eh 0x00000017 jmp 00007FC1D4F13873h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EA55CD second address: EA5603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC1D4CF3C26h 0x0000000a jmp 00007FC1D4CF3C34h 0x0000000f popad 0x00000010 jmp 00007FC1D4CF3C37h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EAE844 second address: EAE84E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC1D4F13866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EB4D98 second address: EB4D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EB4D9E second address: EB4DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EB8B4E second address: EB8B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DDA182 second address: DDA196 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC1D4F13868h 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: DDA196 second address: DDA19C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC2982 second address: EC2992 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FC1D4F1386Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC118B second address: EC1190 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1190 second address: EC1196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1196 second address: EC123E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4CF3C32h 0x00000009 popad 0x0000000a jmp 00007FC1D4CF3C2Fh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jbe 00007FC1D4CF3C32h 0x00000018 jmp 00007FC1D4CF3C2Ch 0x0000001d pushad 0x0000001e jmp 00007FC1D4CF3C36h 0x00000023 jmp 00007FC1D4CF3C39h 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a popad 0x0000002b pushad 0x0000002c jmp 00007FC1D4CF3C38h 0x00000031 pushad 0x00000032 popad 0x00000033 push esi 0x00000034 pop esi 0x00000035 popad 0x00000036 push eax 0x00000037 push edx 0x00000038 jo 00007FC1D4CF3C26h 0x0000003e jmp 00007FC1D4CF3C34h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC14F4 second address: EC14FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1AA0 second address: EC1ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC1D4CF3C26h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007FC1D4CF3C2Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1ABE second address: EC1AC4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1AC4 second address: EC1ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EC1C3F second address: EC1C51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC1D4F1386Ch 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: EFDAAA second address: EFDAB0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F124ED second address: F124F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F124F1 second address: F1254D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Ch 0x00000007 jmp 00007FC1D4CF3C2Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f jmp 00007FC1D4CF3C2Fh 0x00000014 ja 00007FC1D4CF3C26h 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jnc 00007FC1D4CF3C2Ch 0x00000023 jno 00007FC1D4CF3C3Dh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F1234F second address: F12366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4F13873h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F12366 second address: F1236A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F14082 second address: F140A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC1D4F13879h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F140A7 second address: F140AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F140AC second address: F140C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jp 00007FC1D4F13866h 0x0000000c jns 00007FC1D4F13866h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F167ED second address: F167F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: F167F4 second address: F167FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FD86F9 second address: FD8728 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C38h 0x00000007 jmp 00007FC1D4CF3C2Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FD8728 second address: FD872C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDC000 second address: FDC00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC1D4CF3C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDC00A second address: FDC00E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDC2FD second address: FDC324 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Dh 0x00000007 jng 00007FC1D4CF3C2Ch 0x0000000d jg 00007FC1D4CF3C26h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push esi 0x00000016 pushad 0x00000017 jp 00007FC1D4CF3C26h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDC8A2 second address: FDC8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDC8A7 second address: FDC8B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDCCBF second address: FDCCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FC1D4F13866h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDCE54 second address: FDCE60 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jng 00007FC1D4CF3C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FDCE60 second address: FDCEAE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC1D4F13874h 0x00000008 pop esi 0x00000009 js 00007FC1D4F13877h 0x0000000f jmp 00007FC1D4F13871h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 jmp 00007FC1D4F1386Bh 0x0000001d push eax 0x0000001e pop eax 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 pushad 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 jne 00007FC1D4F13866h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1105 second address: FE1109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1109 second address: FE110F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE118D second address: FE1193 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1193 second address: FE1199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1199 second address: FE119D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1344 second address: FE134B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE134B second address: FE1351 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE1351 second address: FE13A4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC1D4F13866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d pushad 0x0000000e call 00007FC1D4F1386Ch 0x00000013 mov dword ptr [ebp+12A21BC1h], ecx 0x00000019 pop eax 0x0000001a call 00007FC1D4F13877h 0x0000001f mov esi, eax 0x00000021 pop eax 0x00000022 popad 0x00000023 push 00000004h 0x00000025 mov dword ptr [ebp+12A238F0h], edi 0x0000002b push 52876480h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 js 00007FC1D4F13866h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE13A4 second address: FE13B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE13B2 second address: FE13B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: FE15E1 second address: FE1601 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC1D4CF3C2Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170EDD second address: 7170EF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170EF4 second address: 7170F81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ecx, ebx 0x0000000c pushfd 0x0000000d jmp 00007FC1D4F13873h 0x00000012 adc al, 0000005Eh 0x00000015 jmp 00007FC1D4F13879h 0x0000001a popfd 0x0000001b popad 0x0000001c nop 0x0000001d jmp 00007FC1D4F1386Eh 0x00000022 lea eax, dword ptr [ebp-18h] 0x00000025 jmp 00007FC1D4F13870h 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007FC1D4F1386Dh 0x00000034 sbb si, 10F6h 0x00000039 jmp 00007FC1D4F13871h 0x0000003e popfd 0x0000003f mov di, si 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170FC4 second address: 7170FCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170FCA second address: 7170FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170FD0 second address: 7170FD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170FD4 second address: 7170FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edi, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC1D4F13874h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7170FF6 second address: 7171005 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171005 second address: 717100B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717100B second address: 717100F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717100F second address: 71710CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F1386Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FC242BA1EF5h 0x00000011 pushad 0x00000012 jmp 00007FC1D4F13874h 0x00000017 pushfd 0x00000018 jmp 00007FC1D4F13872h 0x0000001d and esi, 2DEBD5F8h 0x00000023 jmp 00007FC1D4F1386Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov eax, dword ptr [ebp-14h] 0x0000002d jmp 00007FC1D4F13876h 0x00000032 mov ecx, esi 0x00000034 jmp 00007FC1D4F13870h 0x00000039 mov dword ptr [esi+0Ch], eax 0x0000003c jmp 00007FC1D4F13870h 0x00000041 mov edx, 74E806ECh 0x00000046 pushad 0x00000047 mov dx, cx 0x0000004a mov ebx, eax 0x0000004c popad 0x0000004d sub eax, eax 0x0000004f jmp 00007FC1D4F13875h 0x00000054 lock cmpxchg dword ptr [edx], ecx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71710CC second address: 71710DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71710DF second address: 7171119 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC1D4F13878h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171119 second address: 717111F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717111F second address: 7171125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171125 second address: 7171165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop ecx 0x00000012 call 00007FC1D4CF3C39h 0x00000017 pop ecx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171165 second address: 717116B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717116B second address: 717116F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717116F second address: 7171173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171173 second address: 71711B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FC242982187h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC1D4CF3C32h 0x00000015 and cl, 00000028h 0x00000018 jmp 00007FC1D4CF3C2Bh 0x0000001d popfd 0x0000001e pushad 0x0000001f push eax 0x00000020 pop edx 0x00000021 popad 0x00000022 popad 0x00000023 mov edx, dword ptr [ebp+08h] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov cx, bx 0x0000002c mov ebx, 44183288h 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71711B8 second address: 71711BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71711BE second address: 7171227 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4CF3C38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC1D4CF3C2Eh 0x00000014 jmp 00007FC1D4CF3C35h 0x00000019 popfd 0x0000001a mov ecx, 3B6E4DC7h 0x0000001f popad 0x00000020 mov dword ptr [edx], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FC1D4CF3C39h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171227 second address: 7171266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 7C95F8F2h 0x00000008 call 00007FC1D4F13873h 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esi+04h] 0x00000014 jmp 00007FC1D4F1386Fh 0x00000019 mov dword ptr [edx+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push ebx 0x00000020 pop esi 0x00000021 mov edx, 4DF7FA02h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171266 second address: 717126C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717126C second address: 71712A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop esi 0x00000013 call 00007FC1D4F13879h 0x00000018 pop eax 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71712A7 second address: 71712D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC1D4CF3C2Ch 0x00000008 mov ecx, 3BE3C841h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [edx+08h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC1D4CF3C33h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717141C second address: 7171454 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC1D4F13878h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+14h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC1D4F13877h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171454 second address: 717155F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+18h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC1D4CF3C33h 0x00000014 xor ax, 42DEh 0x00000019 jmp 00007FC1D4CF3C39h 0x0000001e popfd 0x0000001f movzx ecx, di 0x00000022 popad 0x00000023 mov dword ptr [edx+18h], eax 0x00000026 jmp 00007FC1D4CF3C33h 0x0000002b mov eax, dword ptr [esi+1Ch] 0x0000002e jmp 00007FC1D4CF3C36h 0x00000033 mov dword ptr [edx+1Ch], eax 0x00000036 jmp 00007FC1D4CF3C30h 0x0000003b mov eax, dword ptr [esi+20h] 0x0000003e pushad 0x0000003f push ecx 0x00000040 pushfd 0x00000041 jmp 00007FC1D4CF3C2Dh 0x00000046 adc eax, 4C2F13D6h 0x0000004c jmp 00007FC1D4CF3C31h 0x00000051 popfd 0x00000052 pop ecx 0x00000053 pushfd 0x00000054 jmp 00007FC1D4CF3C31h 0x00000059 xor ch, 00000036h 0x0000005c jmp 00007FC1D4CF3C31h 0x00000061 popfd 0x00000062 popad 0x00000063 mov dword ptr [edx+20h], eax 0x00000066 pushad 0x00000067 mov edi, eax 0x00000069 push eax 0x0000006a push edx 0x0000006b pushfd 0x0000006c jmp 00007FC1D4CF3C36h 0x00000071 add si, 2B88h 0x00000076 jmp 00007FC1D4CF3C2Bh 0x0000007b popfd 0x0000007c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717155F second address: 71715E6 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [esi+24h] 0x0000000b pushad 0x0000000c mov esi, edi 0x0000000e mov edi, 26C174D0h 0x00000013 popad 0x00000014 mov dword ptr [edx+24h], eax 0x00000017 pushad 0x00000018 mov cx, bx 0x0000001b movsx edi, cx 0x0000001e popad 0x0000001f mov eax, dword ptr [esi+28h] 0x00000022 jmp 00007FC1D4F13878h 0x00000027 mov dword ptr [edx+28h], eax 0x0000002a jmp 00007FC1D4F13870h 0x0000002f mov ecx, dword ptr [esi+2Ch] 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007FC1D4F1386Dh 0x0000003b and ch, 00000066h 0x0000003e jmp 00007FC1D4F13871h 0x00000043 popfd 0x00000044 jmp 00007FC1D4F13870h 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71715E6 second address: 717164A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1D4CF3C31h 0x00000009 sub esi, 5211ED76h 0x0000000f jmp 00007FC1D4CF3C31h 0x00000014 popfd 0x00000015 movzx esi, dx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov dword ptr [edx+2Ch], ecx 0x0000001e jmp 00007FC1D4CF3C33h 0x00000023 mov ax, word ptr [esi+30h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FC1D4CF3C35h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717164A second address: 7171686 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1D4F13877h 0x00000009 add ax, 68BEh 0x0000000e jmp 00007FC1D4F13879h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171686 second address: 71716C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov word ptr [edx+30h], ax 0x0000000b jmp 00007FC1D4CF3C2Ch 0x00000010 mov ax, word ptr [esi+32h] 0x00000014 jmp 00007FC1D4CF3C30h 0x00000019 mov word ptr [edx+32h], ax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC1D4CF3C2Ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71716C3 second address: 71716C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71716C9 second address: 717173A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1D4CF3C2Ch 0x00000009 add esi, 7F74F348h 0x0000000f jmp 00007FC1D4CF3C2Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FC1D4CF3C38h 0x0000001b xor eax, 100BB5A8h 0x00000021 jmp 00007FC1D4CF3C2Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a mov eax, dword ptr [esi+34h] 0x0000002d jmp 00007FC1D4CF3C36h 0x00000032 mov dword ptr [edx+34h], eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 717173A second address: 7171743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, D39Eh 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171743 second address: 7171752 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC1D4CF3C2Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171752 second address: 7171756 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7171756 second address: 71717CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, 00000700h 0x0000000e jmp 00007FC1D4CF3C35h 0x00000013 jne 00007FC242981BC4h 0x00000019 pushad 0x0000001a mov cx, 3EF3h 0x0000001e mov ebx, ecx 0x00000020 popad 0x00000021 or dword ptr [edx+38h], FFFFFFFFh 0x00000025 jmp 00007FC1D4CF3C32h 0x0000002a or dword ptr [edx+3Ch], FFFFFFFFh 0x0000002e jmp 00007FC1D4CF3C30h 0x00000033 or dword ptr [edx+40h], FFFFFFFFh 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FC1D4CF3C37h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71C0BC3 second address: 71C0C22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1D4F13872h 0x00000009 sbb cx, DBE8h 0x0000000e jmp 00007FC1D4F1386Bh 0x00000013 popfd 0x00000014 mov dx, ax 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FC1D4F13872h 0x00000020 push eax 0x00000021 jmp 00007FC1D4F1386Bh 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a jmp 00007FC1D4F1386Bh 0x0000002f mov bx, ax 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71C0C22 second address: 71C0C28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71C0C28 second address: 71C0C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71C0C2C second address: 71C0C4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC1D4CF3C36h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100093 second address: 7100099 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100099 second address: 710009D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71006C0 second address: 71006C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71006C6 second address: 71006CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 71006CC second address: 710070B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FC1D4F13872h 0x0000000e push eax 0x0000000f jmp 00007FC1D4F1386Bh 0x00000014 xchg eax, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FC1D4F13875h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 710070B second address: 710074F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3F840652h 0x00000008 movsx edi, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 pushad 0x00000012 mov ax, C54Dh 0x00000016 mov si, 6949h 0x0000001a popad 0x0000001b mov ebx, eax 0x0000001d popad 0x0000001e pop ebp 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FC1D4CF3C2Eh 0x00000026 xor ecx, 092A6F98h 0x0000002c jmp 00007FC1D4CF3C2Bh 0x00000031 popfd 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100A88 second address: 7100AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esp 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 call 00007FC1D4F13879h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100AAE second address: 7100AFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC1D4CF3C2Ah 0x00000008 pop esi 0x00000009 movsx edi, cx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FC1D4CF3C38h 0x00000019 and cx, D2F8h 0x0000001e jmp 00007FC1D4CF3C2Bh 0x00000023 popfd 0x00000024 mov ecx, 27B0502Fh 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100AFD second address: 7100B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100B02 second address: 7100B63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC1D4CF3C2Fh 0x00000009 sbb cx, 0B6Eh 0x0000000e jmp 00007FC1D4CF3C39h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FC1D4CF3C30h 0x0000001a adc eax, 0609FEE8h 0x00000020 jmp 00007FC1D4CF3C2Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov ch, bl 0x0000002f mov al, E5h 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exeRDTSC instruction interceptor: First address: 7100B63 second address: 7100B69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Special instruction interceptor: First address: C5BA25 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Special instruction interceptor: First address: C5BA47 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Special instruction interceptor: First address: E0FA09 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Special instruction interceptor: First address: E97A93 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Code function: 0_2_0714097B rdtsc 0_2_0714097B
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe API coverage: 7.4 %
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe TID: 7536 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe File Volume queried: C:\ FullSizeInformation
Source: 4JpRlHS5uF.exe, 4JpRlHS5uF.exe, 00000000.00000002.2139605198.0000000000DE9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: 4JpRlHS5uF.exe, 00000000.00000003.1800747561.0000000001892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: 4JpRlHS5uF.exe, 00000000.00000002.2140530927.00000000018E1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-^s~
Source: 4JpRlHS5uF.exe, 00000000.00000002.2139605198.0000000000DE9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Code function: 0_2_071E0EC1 Start: 071E0EE4 End: 071E0EE9
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | File opened: NTICE
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | File opened: SICE
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Code function: 0_2_0714097B rdtsc
Source: 4JpRlHS5uF.exe, 4JpRlHS5uF.exe, 00000000.00000002.2139605198.0000000000DE9000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\4JpRlHS5uF.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: procmon.exe
Source: Amcache.hve.3.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.dr | Binary or memory string: msmpeng.exe
Source: 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: wireshark.exe
Source: Amcache.hve.3.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.dr | Binary or memory string: MsMpEng.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 214 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
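| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| 4JpRlHS5uF.exe | 68% | ReversingLabs | Win32.Trojan.Amadey | |
| 4JpRlHS5uF.exe | 51% | Virustotal | | |
| 4JpRlHS5uF.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| 4JpRlHS5uF.exe | 100% | Joe Sandbox ML | | |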
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
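| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| httpbin.org | 34.226.108.155 | true | false | | high |
| home.fivetk5ht.top | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://httpbin.org/ip | false | | high |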
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://curl.se/docs/hsts.html | 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://html4/loose.dtd | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPR | 4JpRlHS5uF.exe, 00000000.00000002.2140530927.00000000018E1000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://httpbin.org/ipbefore | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851lse | 4JpRlHS5uF.exe, 00000000.00000002.2140530927.000000000185E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 | 4JpRlHS5uF.exe, 00000000.00000002.2140530927.000000000185E000.00000004.00000020.00020000.00000000.sdmp, 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000002.2140530927.00000000018E1000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17 | 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://upx.sf.net | Amcache.hve.3.dr | false | | high |
| https://curl.se/docs/alt-svc.html | 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://.css | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://.jpg | 4JpRlHS5uF.exe, 00000000.00000002.2138827102.0000000000AED000.00000040.00000001.01000000.00000003.sdmp, 4JpRlHS5uF.exe, 00000000.00000003.1769178978.0000000007466000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 34.226.108.155 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false |
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1579740
                                  Start date and time:2024-12-23 08:24:35 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 5m 13s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:8
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:4JpRlHS5uF.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:5a59142c418a1913fb65a008b64b0d87.exe
                                  Detection:MAL
                                  Classification:mal100.evad.winEXE@2/5@14/1
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 104.208.16.94, 20.190.177.21, 52.149.20.212, 13.107.246.63, 172.202.163.200
                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
                                  • Not all processes where analyzed, report is missing behavior information
| Time | Type | Description |
| --- | --- | --- |
| 02:25:41 | API Interceptor | 6x Sleep call for process: 4JpRlHS5uF.exe modified |
| 02:26:10 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| 34.226.108.155 | ME3htMIepa.exe | | malicious | Clipboard Hijacker, Cryptbot | | |
| 34.226.108.155 | tnMyloge4h.exe | | malicious | Cryptbot | | |
| 34.226.108.155 | L07oVVY21C.exe | | malicious | Clipboard Hijacker, Cryptbot | | |
| 34.226.108.155 | JC3iBBGcz9.exe | | malicious | Clipboard Hijacker, Cryptbot | | |
| 34.226.108.155 | 4yL3dr9Ryh.exe | | malicious | Cryptbot | | |
| 34.226.108.155 | caINsyGzGP.exe | | malicious | Clipboard Hijacker, Cryptbot | | |
| 34.226.108.155 | mPQW1NB2Px.exe | | malicious | Clipboard Hijacker, Cryptbot | | |
| 34.226.108.155 | dCdr6IBojN.exe | | malicious | Unknown | | |
| 34.226.108.155 | 94g4KHMj9B.exe | | malicious | Unknown | | |
| 34.226.108.155 | Gy53Tq6BdK.exe | | malicious | Unknown | | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| httpbin.org | nhBOIABEwD.exe | | malicious | Clipboard Hijacker, Cryptbot | | 98.85.100.80 |
| httpbin.org | Dc5hEJ2NYM.exe | | malicious | Clipboard Hijacker, Cryptbot | | 98.85.100.80 |
| httpbin.org | xWnpPJbKGK.exe | | malicious | Cryptbot | | 98.85.100.80 |
| httpbin.org | bi051BPQue.exe | | malicious | Clipboard Hijacker, Cryptbot | | 98.85.100.80 |
| httpbin.org | ME3htMIepa.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| httpbin.org | tnMyloge4h.exe | | malicious | Cryptbot | | 34.226.108.155 |
| httpbin.org | L07oVVY21C.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| httpbin.org | JC3iBBGcz9.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| httpbin.org | 8Zmq2c7W5E.exe | | malicious | Clipboard Hijacker, Cryptbot | | 98.85.100.80 |
| httpbin.org | 4yL3dr9Ryh.exe | | malicious | Cryptbot | | 34.226.108.155 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| AMAZON-AESUS | ME3htMIepa.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | tnMyloge4h.exe | | malicious | Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | L07oVVY21C.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | JC3iBBGcz9.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | 4yL3dr9Ryh.exe | | malicious | Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | caINsyGzGP.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | mPQW1NB2Px.exe | | malicious | Clipboard Hijacker, Cryptbot | | 34.226.108.155 |
| AMAZON-AESUS | dCdr6IBojN.exe | | malicious | Unknown | | 34.226.108.155 |
| AMAZON-AESUS | 94g4KHMj9B.exe | | malicious | Unknown | | 34.226.108.155 |
| AMAZON-AESUS | TmmiCE5Ulm.exe | | malicious | LummaC | | 3.5.16.86 |
                                                      No context
                                                      No context
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.9425447354183427
                                                      Encrypted:false
                                                      SSDEEP:192:J7Dcf/U0BU/Qju0ZrPMtwzuiF4Z24IO8vA:Jn0PBU/Qj5zuiF4Y4IO8vA
                                                      MD5:F7D976296AEA73B9A93837D957E114EB
                                                      SHA1:E9F6536C5D233B31F8BE17615BDBA6C7FC6154BD
                                                      SHA-256:408368F1CA86CED423E3A6C61B62357BDC24A52400FEF313A269D4D5D408DA39
                                                      SHA-512:2205394913E7ADA643548081209C9D3B1C5BA733EEBC9BFD714171FC13F3B4B1790FFD65BC262D66BBAEEAB85D697B275133FFC3477FB11E7BC9E87FA3851F30
                                                      Malicious:true
                                                      Reputation:low
                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.1.2.3.4.3.2.4.6.8.2.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.1.2.3.4.5.0.2.8.1.4.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.b.3.0.b.1.6.-.4.c.2.c.-.4.c.9.b.-.8.e.0.d.-.f.d.3.3.8.2.c.1.b.b.4.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.f.2.f.2.3.f.-.4.a.d.7.-.4.e.c.b.-.a.3.9.7.-.c.e.2.a.8.e.6.c.b.1.4.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.4.J.p.R.l.H.S.5.u.F...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.6.c.-.0.0.0.1.-.0.0.1.4.-.b.0.e.6.-.0.a.d.a.0.b.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.9.1.a.1.a.6.4.4.b.f.9.1.f.f.a.1.7.1.a.1.b.6.6.f.6.a.a.1.6.7.3.0.0.0.0.f.f.f.f.!.0.0.0.0.c.c.5.e.a.b.3.3.4.e.3.b.c.f.7.a.2.4.f.1.a.2.4.5.a.c.8.1.3.7.6.5.c.8.2.1.d.3.d.e.!.4.J.p.R.l.H.S.5.u.F...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 07:25:43 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):212458
                                                      Entropy (8bit):1.4094815453075706
                                                      Encrypted:false
                                                      SSDEEP:384:xTCTTSgUowEqhU7Tr31RUENATjQkJ3FsWilepGQn9dku4Z4DgUuv:xTCSdowEqhU7v1RKvQklyWRpGQYu4ZG
                                                      MD5:F7FC532BE7D59F1EB5294D8BFFC77884
                                                      SHA1:14EE87E725B13C058B64C967EF19A9F54B0B8E40
                                                      SHA-256:F503C5E96A8B59CE80EEA3B14471A64129CBCFACE598F846C1EA59DFEB7ED7D5
                                                      SHA-512:CDA2E9675B799FDB228724BDE1441611A906E0BE7F90908650AFD2C191E7ACA000A6EDC354DECC7B0CF57CB994645B599E6975AA7E27D4581EF7CDD63A72BB22
                                                      Malicious:false
                                                      Reputation:low
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8356
                                                      Entropy (8bit):3.703920281179706
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJvV6t6Y9eSU3AcgmfYbbprU89b8LsfK0m:R6lXJd6t6YUSU3AcgmfYb38QfY
                                                      MD5:2115111820925FF60522506CC17CCAA4
                                                      SHA1:4DAE53EB5B93EC4F70A8E5682A961B2F1340B02E
                                                      SHA-256:0B572BA5A52F061C0BCF1F0D40E48B92E5A7FE63164679C3BBDF5D1415533CC8
                                                      SHA-512:933047BF6A7DBF6C53AEB47C0730F40EB4B5A80A72A568789A35E05398246E8E9397C681A964D98FFDD4D324D5E6C4F3DBCBADE758D2D3D00F45C3E1066B654A
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.3.2.<./.P.i.
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4594
                                                      Entropy (8bit):4.47329560147426
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsngJg77aI9ITWpW8VY3Ym8M4JP5FJTF+q8IsrupFzRKd:uIjfnmI7Si7VfJF5IapFzRKd
                                                      MD5:03F3CD3631E92C20E146CE8BA8090FF8
                                                      SHA1:7B7442FC094EF8C410F731782069FA3056DE5284
                                                      SHA-256:7D654881F0056F62C41BC53B77018A9A9C0B3994E26EF9230753339112A43FDD
                                                      SHA-512:CD0E2D6BDB21CDFA2E015C02736F4FB1A6307DEAE3EDCDF96D16F2484379158666E8873D217693D63D8D52AB94A0271443DC1BB60F343E27A8B2202A97E2BC9F
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643588" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.465425324999037
                                                      Encrypted:false
                                                      SSDEEP:6144:JIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNNdwBCswSbr:6XD94+WlLZMM6YFHH+r
                                                      MD5:1EDC9E94A05269259D3AE60671271839
                                                      SHA1:B929C29D71B964AD5B099CF5F82646B872A2C3BD
                                                      SHA-256:3F39FF7EBEC566855C2E9753D6D7B336A707B37C8F8FC941E623B70A5B9FB006
                                                      SHA-512:3120A5B482FEDF5E0A4727B78F2948C8BBDF7EDC5BED389F11E315587F1D0D0ACCA22B7B48602C69658A36EA69DDBF801A99302A9C136BB8A9546789E3C2ACC0
                                                      Malicious:false
                                                      Reputation:low
                                                      File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Entropy (8bit):7.985575298010103
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • VXD Driver (31/22) 0.00%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:4JpRlHS5uF.exe
                                                      File size:4'495'360 bytes
                                                      MD5:5a59142c418a1913fb65a008b64b0d87
                                                      SHA1:cc5eab334e3bcf7a24f1a245ac813765c821d3de
                                                      SHA256:08f893c18fb3d1d85e9ab5b5a8ff2843c4b7d20561287a70de23cb776c99d6a9
                                                      SHA512:18b7c05f8786a6004f6ef802fe90d01c1e042ef0a0c6c54418767a23b13cf033650444bdc729e62a62f769ad68ff994f7e26f51d807aa9c5d2d231045b6ca84a
                                                      SSDEEP:98304:3T4HBZrgaALlZb1+DGDGLP+HvL5jxMKABP0f9jUSdGm+vwURAM:3T43HALlF1YGg6nM10f9pltM
                                                      TLSH:BB2633F155B62A83CE6E2673FD13DB7972BA06F2A4690FD72310E00642F745E5A848F4
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...........pH...@..........................0......!.D...@... ............................
                                                      Icon Hash:90cececece8e8eb0
                                                      Entrypoint:0x10a0000
                                                      Entrypoint Section:.taggant
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                      DLL Characteristics:DYNAMIC_BASE
                                                      Time Stamp:0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74705f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x746000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc9eda0 | 0x10 | yefovael |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc9ed50 | 0x18 | yefovael |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | 0x1000 | 0x745000 | 0x284c00 | d813426287b6bc00eff1f60c4c76b2ea | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x746000 | 0x1ac | 0x200 | 97109f94808977299a212af97811ce82 | False | 0.583984375 | data | 4.539699435794372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x747000 | 0x1000 | 0x200 | e84636d45557e74dadd0f14f36394655 | False | 0.166015625 | data | 1.1471680400846989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x748000 | 0x396000 | 0x200 | 596fc7d04dc292936c837860488c579b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| yefovael | 0xade000 | 0x1c1000 | 0x1c1000 | a10210bd804cecd06ed3ff3d115eef53 | False | 0.9944293525542873 | data | 7.955475326711672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| eavrkykj | 0xc9f000 | 0x1000 | 0x400 | 99180376513b705746e9670e40a6d95f | False | 0.791015625 | data | 6.162183866966903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xca0000 | 0x3000 | 0x2200 | 8061da9d873ade2ed2a6fc4f87fce153 | False | 0.06962316176470588 | DOS executable (COM) | 0.7762549867520577 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_MANIFEST | 0xc9edb0 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| --- | --- |
| kernel32.dll | lstrcpy |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 23, 2024 08:25:37.352300882 CET | 192.168.2.4 | 1.1.1.1 | 0x8709 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:37.352412939 CET | 192.168.2.4 | 1.1.1.1 | 0x9d2d | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:40.842839003 CET | 192.168.2.4 | 1.1.1.1 | 0x969b | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:40.842906952 CET | 192.168.2.4 | 1.1.1.1 | 0x4232 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.109481096 CET | 192.168.2.4 | 1.1.1.1 | 0x33dc | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.109545946 CET | 192.168.2.4 | 1.1.1.1 | 0x44b1 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.439177036 CET | 192.168.2.4 | 1.1.1.1 | 0x9d65 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.439275980 CET | 192.168.2.4 | 1.1.1.1 | 0x45dc | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.770620108 CET | 192.168.2.4 | 1.1.1.1 | 0xe1dc | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.770677090 CET | 192.168.2.4 | 1.1.1.1 | 0x5048 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.187201023 CET | 192.168.2.4 | 1.1.1.1 | 0x4138 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.187254906 CET | 192.168.2.4 | 1.1.1.1 | 0x2117 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.499365091 CET | 192.168.2.4 | 1.1.1.1 | 0x82d1 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.499609947 CET | 192.168.2.4 | 1.1.1.1 | 0x25e9 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 23, 2024 08:25:37.635282040 CET | 1.1.1.1 | 192.168.2.4 | 0x8709 | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:37.635282040 CET | 1.1.1.1 | 192.168.2.4 | 0x8709 | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:41.922327042 CET | 1.1.1.1 | 192.168.2.4 | 0x4232 | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:41.922472954 CET | 1.1.1.1 | 192.168.2.4 | 0x969b | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.248380899 CET | 1.1.1.1 | 192.168.2.4 | 0x33dc | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.248416901 CET | 1.1.1.1 | 192.168.2.4 | 0x44b1 | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.577909946 CET | 1.1.1.1 | 192.168.2.4 | 0x9d65 | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.577924967 CET | 1.1.1.1 | 192.168.2.4 | 0x45dc | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.908256054 CET | 1.1.1.1 | 192.168.2.4 | 0x5048 | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:42.909590960 CET | 1.1.1.1 | 192.168.2.4 | 0xe1dc | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.325687885 CET | 1.1.1.1 | 192.168.2.4 | 0x4138 | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.325722933 CET | 1.1.1.1 | 192.168.2.4 | 0x2117 | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.637399912 CET | 1.1.1.1 | 192.168.2.4 | 0x25e9 | Name error (3) | home.fivetk5ht.top | none | none | 28 | IN (0x0001) | false |
| Dec 23, 2024 08:25:43.637564898 CET | 1.1.1.1 | 192.168.2.4 | 0x82d1 | Name error (3) | home.fivetk5ht.top | none | none | A (IP address) | IN (0x0001) | false |

                                                      • httpbin.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49730 | 34.226.108.155 | 443 | 7532 | C:\Users\user\Desktop\4JpRlHS5uF.exe |

Timestamp:2024-12-23 07:25:39 UTC
Bytes transferred:52
Direction:OUT
Data:
GET /ip HTTP/1.1
Host: httpbin.org
Accept: */*

Timestamp:2024-12-23 07:25:39 UTC
Bytes transferred:224
Direction:IN
Data:
HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:25:39 GMT
Content-Type: application/json
Content-Length: 31
Connection: close
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

Timestamp:2024-12-23 07:25:39 UTC
Bytes transferred:31
Direction:IN
Data:
Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
Data Ascii: { "origin": "8.46.123.189"}



                                                      Target ID:0
                                                      Start time:02:25:32
                                                      Start date:23/12/2024
                                                      Path:C:\Users\user\Desktop\4JpRlHS5uF.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\4JpRlHS5uF.exe"
                                                      Imagebase:0x510000
                                                      File size:4'495'360 bytes
                                                      MD5 hash:5A59142C418A1913FB65A008B64B0D87
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:02:25:43
                                                      Start date:23/12/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 1156
                                                      Imagebase:0xd0000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:0.1%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:128
                                                        Total number of Limit Nodes:4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        • Opcode ID: 8f083b4fef207e780ce57add25ee71009c057d0ee5bb9dffd6f4b14f179aeae6
                                                        • Instruction ID: a14b7c0a054e6f9c37b9bb4f6b221effb80343d56be3addf62a38bbd1e28a6e9
                                                        • Opcode Fuzzy Hash: 8f083b4fef207e780ce57add25ee71009c057d0ee5bb9dffd6f4b14f179aeae6
                                                        • Instruction Fuzzy Hash: 45F1A2FB15C111BDB24685836F14BFA676DE7CB730F3284AAF907D6582E3980E4A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 244378d98ad96623c7254d0c3d4343fc67170838a2e7125c4805765389205f17
                                                        • Instruction ID: 28fa3085989e8683aafa7021814f080f2b50ad9fb12e27f9f765d9eecb747e63
                                                        • Opcode Fuzzy Hash: 244378d98ad96623c7254d0c3d4343fc67170838a2e7125c4805765389205f17
                                                        • Instruction Fuzzy Hash: DF415CEB25C110BDB105C0826F24EFA676ED6DBB30B32C4A6F907D6286E3940F8E5135
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c836439fe80bdd166e65d81f18a6abc96129ae43be22b3d2d5a59eb28fc38b5e
                                                        • Instruction ID: 9c63de8e6cc150bedb1f23b2d6c840015d1e9b4d38363fa854bf44b8df353649
                                                        • Opcode Fuzzy Hash: c836439fe80bdd166e65d81f18a6abc96129ae43be22b3d2d5a59eb28fc38b5e
                                                        • Instruction Fuzzy Hash: 9901BDD304CECC2FC20942649E65EF63F2DE69B33073A4267F482EA4C3D79149424272

                                                        Control-flow Graph

                                                        control_flow_graph 0 71601f9-71603fc 21 7160403-7160412 GetLogicalDrives 0->21 23 7160422-7160603 21->23 43 7160613-7160659 call 7160666 23->43 46 716065e 43->46 47 7160660-716073a 46->47 48 7160649-716064c 46->48 50 7160611 48->50 51 716064e-716064f 48->51 50->43 53 7160651-7160658 51->53 54 716060f-7160610 51->54 53->46 56 7160659 call 7160666 53->56 54->50 56->46
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: abda575e562299ce6449b38059529be4aae948e3b2179af866a988063bdf9422
                                                        • Instruction ID: d5aa95409bc7b88f6c7b3bf7810dffffbcc7e3e11fed96cb32a4ebf5970e7358
                                                        • Opcode Fuzzy Hash: abda575e562299ce6449b38059529be4aae948e3b2179af866a988063bdf9422
                                                        • Instruction Fuzzy Hash: 4671D4EB26C120BD714A81862B5CEFA677EE5CB731B32842BF403D5582E3C40FA95131

                                                        Control-flow Graph

                                                        control_flow_graph 67 7160229-71603fc 86 7160403-7160412 GetLogicalDrives 67->86 88 7160422-7160603 86->88 108 7160613-7160659 call 7160666 88->108 111 716065e 108->111 112 7160660-716073a 111->112 113 7160649-716064c 111->113 115 7160611 113->115 116 716064e-716064f 113->116 115->108 118 7160651-7160658 116->118 119 716060f-7160610 116->119 118->111 121 7160659 call 7160666 118->121 119->115 121->111
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: a1e99648d34b3e70e7cc80b7985abe8a73bd72ab9f724f1d13820e568e00683b
                                                        • Instruction ID: 88c0a402a6e36e5d6e2d42e5c9dd869b88de8e688afc14254e4c52becb62bc54
                                                        • Opcode Fuzzy Hash: a1e99648d34b3e70e7cc80b7985abe8a73bd72ab9f724f1d13820e568e00683b
                                                        • Instruction Fuzzy Hash: 2271B4EB26D120BD714A81952B5CEFA6B7EE5CB731B32842BF403D6582E3D40FA95131

                                                        Control-flow Graph

                                                        control_flow_graph 132 7160292-716029c 133 7160261-716028d 132->133 134 716029e-716029f 132->134 138 71602a6-71603fc 133->138 135 71602a1-71602a3 134->135 136 716025f-7160260 134->136 135->138 136->133 155 7160403-7160412 GetLogicalDrives 138->155 157 7160422-7160603 155->157 177 7160613-7160659 call 7160666 157->177 180 716065e 177->180 181 7160660-716073a 180->181 182 7160649-716064c 180->182 184 7160611 182->184 185 716064e-716064f 182->185 184->177 187 7160651-7160658 185->187 188 716060f-7160610 185->188 187->180 190 7160659 call 7160666 187->190 188->184 190->180
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: A:\$A:\
                                                        • API String ID: 0-1047444362
                                                        • Opcode ID: e8c184455ccd10d087904e2263a18d29d15e219d18f3ef39a069260da76d5535
                                                        • Instruction ID: b3afacc0e883c1a77b4877645b2b9f1078d801beed57c9f159520dded2e1ea80
                                                        • Opcode Fuzzy Hash: e8c184455ccd10d087904e2263a18d29d15e219d18f3ef39a069260da76d5535
                                                        • Instruction Fuzzy Hash: 3D71C2EB26D120BD724A81962B5CEF66B7EE5CB731B32842BF407D5582E3C40FA95131

                                                        Control-flow Graph

                                                        control_flow_graph 201 716025b-71603fc 222 7160403-7160412 GetLogicalDrives 201->222 224 7160422-7160603 222->224 244 7160613-7160659 call 7160666 224->244 247 716065e 244->247 248 7160660-716073a 247->248 249 7160649-716064c 247->249 251 7160611 249->251 252 716064e-716064f 249->252 251->244 254 7160651-7160658 252->254 255 716060f-7160610 252->255 254->247 257 7160659 call 7160666 254->257 255->251 257->247
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: ff1fb2e16dc7ba37ec1470246f41d924daf055a00cf312f51bd62b00dc30639c
                                                        • Instruction ID: 46a71fb5ae3b878fc4518452b45149be556e48d36e71ef539255ef38f677e241
                                                        • Opcode Fuzzy Hash: ff1fb2e16dc7ba37ec1470246f41d924daf055a00cf312f51bd62b00dc30639c
                                                        • Instruction Fuzzy Hash: 0961B3EB26D120BD724A81922B5CEFA6B7EE5CB731B32843AF407D5586E3C40F695131

                                                        Control-flow Graph

                                                        control_flow_graph 268 7160275-71603fc 286 7160403-7160412 GetLogicalDrives 268->286 288 7160422-7160603 286->288 308 7160613-7160659 call 7160666 288->308 311 716065e 308->311 312 7160660-716073a 311->312 313 7160649-716064c 311->313 315 7160611 313->315 316 716064e-716064f 313->316 315->308 318 7160651-7160658 316->318 319 716060f-7160610 316->319 318->311 321 7160659 call 7160666 318->321 319->315 321->311
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: a8b1b0e2d2acf1d06ed3f45dbab5a9f63dc201754ea872622bcf56a81bd1b057
                                                        • Instruction ID: c670408f30d70a9e21756af7b80e1648587f9fb8a34ff3fc162edf688912fe6e
                                                        • Opcode Fuzzy Hash: a8b1b0e2d2acf1d06ed3f45dbab5a9f63dc201754ea872622bcf56a81bd1b057
                                                        • Instruction Fuzzy Hash: 4461B2EB26D120BD714A81922B5CEFA6B6EE5CB731B32843BF407D5582E3C40F695131

                                                        Control-flow Graph

                                                        control_flow_graph 332 71602bd-71603fc 346 7160403-7160412 GetLogicalDrives 332->346 348 7160422-7160603 346->348 368 7160613-7160659 call 7160666 348->368 371 716065e 368->371 372 7160660-716073a 371->372 373 7160649-716064c 371->373 375 7160611 373->375 376 716064e-716064f 373->376 375->368 378 7160651-7160658 376->378 379 716060f-7160610 376->379 378->371 381 7160659 call 7160666 378->381 379->375 381->371
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: feecfaf3c2f800dcd7c1877afa0aa6c509e8bc0c22fe1024bb5d3c9f288f3fb9
                                                        • Instruction ID: f68bdafb9807150547f9fa13a90ac95446bf234776170fcc1757eff1f12788e2
                                                        • Opcode Fuzzy Hash: feecfaf3c2f800dcd7c1877afa0aa6c509e8bc0c22fe1024bb5d3c9f288f3fb9
                                                        • Instruction Fuzzy Hash: 2C6107EB26D120BD724A85962B58EF66B7EE5CB731B32843AF403D6582E3C40F695131

                                                        Control-flow Graph

                                                        control_flow_graph 392 71602f0-71603fc 405 7160403-7160412 GetLogicalDrives 392->405 407 7160422-7160603 405->407 427 7160613-7160659 call 7160666 407->427 430 716065e 427->430 431 7160660-716073a 430->431 432 7160649-716064c 430->432 434 7160611 432->434 435 716064e-716064f 432->435 434->427 437 7160651-7160658 435->437 438 716060f-7160610 435->438 437->430 440 7160659 call 7160666 437->440 438->434 440->430
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: 0dbd032984addf73e79dc73f661f479889953b322279f46da2817a15fe6c2f03
                                                        • Instruction ID: 7134d9a91fa99222937d4345b2938b91c5c276817bdebb65b943c81356db9f8c
                                                        • Opcode Fuzzy Hash: 0dbd032984addf73e79dc73f661f479889953b322279f46da2817a15fe6c2f03
                                                        • Instruction Fuzzy Hash: 5351E5EB26C120BD724A85922B58EFA6B7EE5CB731B32842AF407D5582E3840F695131

                                                        Control-flow Graph

                                                        control_flow_graph 451 716030b-71603fc 463 7160403-7160412 GetLogicalDrives 451->463 465 7160422-7160603 463->465 485 7160613-7160659 call 7160666 465->485 488 716065e 485->488 489 7160660-716073a 488->489 490 7160649-716064c 488->490 492 7160611 490->492 493 716064e-716064f 490->493 492->485 495 7160651-7160658 493->495 496 716060f-7160610 493->496 495->488 498 7160659 call 7160666 495->498 496->492 498->488
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: a6492f61d5c90876dac0fcd3aa9ea322bfcd226ad06eb7a3e4d5b572bcd771cf
                                                        • Instruction ID: 6e55ed9d4666ebbd27dd12e3db73c53b204ca5e91a6dd113129810ffb1aeffb0
                                                        • Opcode Fuzzy Hash: a6492f61d5c90876dac0fcd3aa9ea322bfcd226ad06eb7a3e4d5b572bcd771cf
                                                        • Instruction Fuzzy Hash: 0A51F6EB26C120BD724A85922B5CEFA6B7EE5CB731B328436F407D5586E3C80F695131

                                                        Control-flow Graph

                                                        control_flow_graph 509 716031b-71603fc 521 7160403-7160412 GetLogicalDrives 509->521 523 7160422-7160603 521->523 543 7160613-7160659 call 7160666 523->543 546 716065e 543->546 547 7160660-716073a 546->547 548 7160649-716064c 546->548 550 7160611 548->550 551 716064e-716064f 548->551 550->543 553 7160651-7160658 551->553 554 716060f-7160610 551->554 553->546 556 7160659 call 7160666 553->556 554->550 556->546
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\$A:\
                                                        • API String ID: 999431828-1047444362
                                                        • Opcode ID: 49445c7ff48489f1cb00969bd08f7b328de17b79a06bef16ac3cc558aa22d1ae
                                                        • Instruction ID: db36ccc59617abe8e718908deea3ab1250c8c1bae6c68874c5e3bc713a422d75
                                                        • Opcode Fuzzy Hash: 49445c7ff48489f1cb00969bd08f7b328de17b79a06bef16ac3cc558aa22d1ae
                                                        • Instruction Fuzzy Hash: E551F4EB26C120BD724A85922B5CEF66B7EE5CB731B32843AF407D5586E3C80F695131

                                                        Control-flow Graph

                                                        control_flow_graph 567 716036a-71603fc 576 7160403-7160412 GetLogicalDrives 567->576 578 7160422-7160603 576->578 598 7160613-7160659 call 7160666 578->598 601 716065e 598->601 602 7160660-716073a 601->602 603 7160649-716064c 601->603 605 7160611 603->605 606 716064e-716064f 603->606 605->598 608 7160651-7160658 606->608 609 716060f-7160610 606->609 608->601 611 7160659 call 7160666 608->611 609->605 611->601
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        • Opcode ID: d5c8c7f5f11e4127b9a267cab2b8f2574cb0ed9204d6f70a988e6aaa12c2218c
                                                        • Instruction ID: 2053b96153e6e84ceb8444768adc914d9f16b6e647729fffe52bcd9967bfd3c5
                                                        • Opcode Fuzzy Hash: d5c8c7f5f11e4127b9a267cab2b8f2574cb0ed9204d6f70a988e6aaa12c2218c
                                                        • Instruction Fuzzy Hash: EF5104EB22C120BDB24A81552B5CEF66B7EE5CF731B32842BF403D5582E3840F694131

                                                        Control-flow Graph

                                                        control_flow_graph 622 71603a6-71603a7 623 7160346-71603a0 622->623 624 71603a9 622->624 625 71603ab-71603fc 623->625 624->625 634 7160403-7160412 GetLogicalDrives 625->634 636 7160422-7160603 634->636 656 7160613-7160659 call 7160666 636->656 659 716065e 656->659 660 7160660-716073a 659->660 661 7160649-716064c 659->661 663 7160611 661->663 664 716064e-716064f 661->664 663->656 666 7160651-7160658 664->666 667 716060f-7160610 664->667 666->659 669 7160659 call 7160666 666->669 667->663 669->659
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        • Opcode ID: fc7ef3fb6699048612a2f8d61b53e56f53048cbe97c80f4910d906d93cfb7c47
                                                        • Instruction ID: 77a9a7e25a89e63b0b90f8bbf81764ed9ae2917e3e1bcec2f98d7f0cf8d2bdd4
                                                        • Opcode Fuzzy Hash: fc7ef3fb6699048612a2f8d61b53e56f53048cbe97c80f4910d906d93cfb7c47
                                                        • Instruction Fuzzy Hash: 0551E2EB26C120BD724A85922B5CEF66B7EE5CF731B328427F407D5586E3880FA95131

                                                        Control-flow Graph

                                                        control_flow_graph 680 716034d-71603fc 689 7160403-7160412 GetLogicalDrives 680->689 691 7160422-7160603 689->691 711 7160613-7160659 call 7160666 691->711 714 716065e 711->714 715 7160660-716073a 714->715 716 7160649-716064c 714->716 718 7160611 716->718 719 716064e-716064f 716->719 718->711 721 7160651-7160658 719->721 722 716060f-7160610 719->722 721->714 724 7160659 call 7160666 721->724 722->718 724->714
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        • Opcode ID: 4e720aa38149fec466cdea8c041dc75cd4293cfb978292532c5e1bef7ae835a0
                                                        • Instruction ID: 0f6eb45d99d6b85f3a61e3b45a157511f4bce230980079593e83c89e86aeeef6
                                                        • Opcode Fuzzy Hash: 4e720aa38149fec466cdea8c041dc75cd4293cfb978292532c5e1bef7ae835a0
                                                        • Instruction Fuzzy Hash: D151F6EB26C120BD724A85952B5CDF66B7EE5CF731B328426F403D6586E3880F695131

                                                        Control-flow Graph

                                                        control_flow_graph 735 7160390-71603fc 741 7160403-7160412 GetLogicalDrives 735->741 743 7160422-7160603 741->743 763 7160613-7160659 call 7160666 743->763 766 716065e 763->766 767 7160660-716073a 766->767 768 7160649-716064c 766->768 770 7160611 768->770 771 716064e-716064f 768->771 770->763 773 7160651-7160658 771->773 774 716060f-7160610 771->774 773->766 776 7160659 call 7160666 773->776 774->770 776->766
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675

                                                        Control-flow Graph
                                                        [Graph image not preserved. Legend: Executed / Not Executed. Entry block 71603c1-71603fc leads to the GetLogicalDrives call in block 7160403-7160412.]
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675

                                                        Control-flow Graph
                                                        [Graph image not preserved. Legend: Executed / Not Executed. Entry block 71603d3-71603fc leads to the GetLogicalDrives call in block 7160403-7160412.]
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        APIs
                                                        • GetLogicalDrives.KERNELBASE ref: 0716040D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142345112.0000000007160000.00000040.00001000.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7160000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: DrivesLogical
                                                        • String ID: A:\
                                                        • API String ID: 999431828-3379428675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        • Opcode ID: 6d7f6d6d2b707e44f4b28307bbb93ce237d0d855dcf9054308284b081b305c92
                                                        • Instruction ID: 011a8847fc4ed3da8467fef8c72e626ba7ef4fdcd6d446e9040a92eb3b0a8e92
                                                        • Opcode Fuzzy Hash: 6d7f6d6d2b707e44f4b28307bbb93ce237d0d855dcf9054308284b081b305c92
                                                        • Instruction Fuzzy Hash: 01F190FB16C111BDB24585836F14BFA676DE3CB730F3284AAFA07D5582E3980E4A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142419732.00000000071A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71a0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • Process32FirstW.KERNEL32(?,?,?,?), ref: 071A04F2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142419732.00000000071A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71a0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8Hi
                                                        • API String ID: 0-233417135
                                                        • Opcode ID: 6ebdcfeeea7d89dc9f857bde3e366bb3bbeed9a781468b59b102a29a3051b717
                                                        • Instruction ID: 66f77dd39b29e0bfbc1ed13b38f61a40bdce0c1421d5ccf88187dbc5fae128ea
                                                        • Opcode Fuzzy Hash: 6ebdcfeeea7d89dc9f857bde3e366bb3bbeed9a781468b59b102a29a3051b717
                                                        • Instruction Fuzzy Hash: D5D1BEFB66C111BDB24585836F14BFA677DE3CB730F3284AAFA07D5182E3980A4A5531
                                                        APIs
                                                        • Process32FirstW.KERNEL32(?,?,?,?), ref: 071A04F2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142419732.00000000071A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71a0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5affc1386de906b8f9393b87e4b1761f36d547e0e0b7a5310fee63a38dd55dc
                                                        • Instruction ID: d3b1021149ba5aabd2e6ece18a3a1aa54637dd8971d3014e68e825d2cc25d9f8
                                                        • Opcode Fuzzy Hash: d5affc1386de906b8f9393b87e4b1761f36d547e0e0b7a5310fee63a38dd55dc
                                                        • Instruction Fuzzy Hash: 8BA1D0FB25C114BDB205C5826F24BFA676DE7CB730F32C4AAFA07D5182E3980A4A5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9733be29b4b265fdf61592ccb90de7284a3a8623dbe433d3d96317803a3563c3
                                                        • Instruction ID: 61fa9a35c9557c1ead7b952b6a1e3430fafc00c31d6028da7fcd1e7812c2feb8
                                                        • Opcode Fuzzy Hash: 9733be29b4b265fdf61592ccb90de7284a3a8623dbe433d3d96317803a3563c3
                                                        • Instruction Fuzzy Hash: A2A1BFFB26C114BDF20585826F24BFA676DE7DB730F3284AAF907D5182E3980A4E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3c9a4510978dca49ca2f40374e30f6ed64b49a23d28c0cd5c738f35508cfbe00
                                                        • Instruction ID: 0d643a56db66c38cd087b1fafb64782a2ffd3e803a29aeaf0c0412fb5fe82d2c
                                                        • Opcode Fuzzy Hash: 3c9a4510978dca49ca2f40374e30f6ed64b49a23d28c0cd5c738f35508cfbe00
                                                        • Instruction Fuzzy Hash: 97A1BFFB55C114BDB205C1826F24BFA676DE7DB730F32C4AAF907E5182E3980A8A5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 87862636ad9842587af96e68386375d8835afc09f606eb512b358a2feb541b00
                                                        • Instruction ID: 784435d2002db791e08895fbc519fbae19a7f2b8e64266416b08e98ade3177ac
                                                        • Opcode Fuzzy Hash: 87862636ad9842587af96e68386375d8835afc09f606eb512b358a2feb541b00
                                                        • Instruction Fuzzy Hash: 8FA1BFFB15C110BDB24581826F24BFA676DE7DB730F3284AAF907E1182E3980A8E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd11031bd9d2cb80333e4c94db9b123024644f7c7590e36c7be8d1155ce65546
                                                        • Instruction ID: 4f5b463723f139a21da2b343a7f84abeffaee777e3b346106f9fa23e070ffd85
                                                        • Opcode Fuzzy Hash: cd11031bd9d2cb80333e4c94db9b123024644f7c7590e36c7be8d1155ce65546
                                                        • Instruction Fuzzy Hash: 18A1BFEB15C110BDB205C5826F24BFA676DE7DB730F3284AAF907D5182E3980B8E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ed98be210be3940f83e2af48a4095b989aaa5263b70c4bc67e74e9bd397ef80
                                                        • Instruction ID: 4e02bc27fefcbabac0cc88b4b0d446f63bf34e6c3a8b8febcf7843fed6c39521
                                                        • Opcode Fuzzy Hash: 9ed98be210be3940f83e2af48a4095b989aaa5263b70c4bc67e74e9bd397ef80
                                                        • Instruction Fuzzy Hash: EFA1BFFB25C114BDB20585826F24BFA676DE7DB730F3284AAFA07D5182E3980A4E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e2276485330ed3532d26e71985361eabdba420a85652e3822f543bc2b0cdd83c
                                                        • Instruction ID: 36329ab62d2bb5a0b1f78c49ea22eac362117836307ab744c3f563b9b4d1e512
                                                        • Opcode Fuzzy Hash: e2276485330ed3532d26e71985361eabdba420a85652e3822f543bc2b0cdd83c
                                                        • Instruction Fuzzy Hash: 3591C0EB15C110BDB205C5826F64AFA676EE7CB730F3284AAF907D5182E3980A8E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: edf614e323ad2f9199a6305e672d254011d39222b70ec71fc7fcac8bc9f6d0ad
                                                        • Instruction ID: 3a1c56fb5d27c42855e625a92acd29af0980f2b81183475733b79793d81c43b2
                                                        • Opcode Fuzzy Hash: edf614e323ad2f9199a6305e672d254011d39222b70ec71fc7fcac8bc9f6d0ad
                                                        • Instruction Fuzzy Hash: B591AEEB15C114BDB245C1826F24BFA676DE7DB730F3284AAFA07D1182E3980B4E5531
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7cd2b208c67f681df2e69fe53cc3d23c2171300a619f8e2086916b49efe621ba
                                                        • Instruction ID: 0c989759fd9b1b26c872ef4c40b25f20448649de070b40ca9b08278e49fe6a6b
                                                        • Opcode Fuzzy Hash: 7cd2b208c67f681df2e69fe53cc3d23c2171300a619f8e2086916b49efe621ba
                                                        • Instruction Fuzzy Hash: 2E91C0EB15C110BDB245C5826F64AFA676DE7DB730F3284AAFA07D6182E3980B4E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4d2d71e601da1704f089f094a8340afde36e5b00522efe3b144169ccf69e3bc
                                                        • Instruction ID: 77765b3213c7774b9b2eafad05f2fe5bfa78d9ee939dea1762f0b331bed31d78
                                                        • Opcode Fuzzy Hash: b4d2d71e601da1704f089f094a8340afde36e5b00522efe3b144169ccf69e3bc
                                                        • Instruction Fuzzy Hash: B291BEEB15C114BDB245C1826F24AFA676DE7CB730F3284AAFA07D5182E3980B4E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 90f7d2f33e483e027ad8a7bce83756d988fb92548578ffd6eacef42a53533fdf
                                                        • Instruction ID: ed3fb1b4fe5dfca17c5a130b65a15a955cae1e3799442b669d9e859f56ae7b0e
                                                        • Opcode Fuzzy Hash: 90f7d2f33e483e027ad8a7bce83756d988fb92548578ffd6eacef42a53533fdf
                                                        • Instruction Fuzzy Hash: 8681C1EB15C114BDB145C1826F64EFA676EE7DB730B32C4AAF907D6182E3980B4E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f7513025c4fc8ae21f8f5f6153ed58a478e76c1bf975f7a4af94724d9608d7c
                                                        • Instruction ID: 9b5c1b9b9e75341bf96fba9adbf77e7447431023de101982c4e8a92f7cbfb38a
                                                        • Opcode Fuzzy Hash: 3f7513025c4fc8ae21f8f5f6153ed58a478e76c1bf975f7a4af94724d9608d7c
                                                        • Instruction Fuzzy Hash: B281C0EB15C114BDB145C5836F24EFA676EE7DB730B3284AAFA07D6182E3980F4A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ccebdb78e7427bf6a723c8602c67634574f8f8b577d525b77bef143bb7d5fbfc
                                                        • Instruction ID: ab0545b7572086cfff47fe467f0f985386f0b4bcd4fa3b216ef2c33cf4c215a6
                                                        • Opcode Fuzzy Hash: ccebdb78e7427bf6a723c8602c67634574f8f8b577d525b77bef143bb7d5fbfc
                                                        • Instruction Fuzzy Hash: FF81D0EB11C110BDB145C5826F24EFA676EE7DB730B32C4AAFA07D6182E3980F4A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f77761cde53155e8c19e9cca9fe660e7b95224862e2c666cb1779a0c49cba67a
                                                        • Instruction ID: 30312b132608ae6bb2aac84192d746fa89ed67d75926836fe96b8dfe9a55f3ce
                                                        • Opcode Fuzzy Hash: f77761cde53155e8c19e9cca9fe660e7b95224862e2c666cb1779a0c49cba67a
                                                        • Instruction Fuzzy Hash: 9281A1EB51C110BCB245C5826F24AFA676EE7DB730B3284ABF907D6582E3940F8E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60e1b26b57fcd6f91b026b561fad69cfdbf61a3fe76436cc89f55c28115210df
                                                        • Instruction ID: 09e9ccd3e29fbfbcdf3db4aefc24e296e4271dbeaefa5b0d35d4f24505478b2e
                                                        • Opcode Fuzzy Hash: 60e1b26b57fcd6f91b026b561fad69cfdbf61a3fe76436cc89f55c28115210df
                                                        • Instruction Fuzzy Hash: AF71AFEB15C110BCB145C5826F64EFA676EE7DB730B3284A6FA07D5182E3980F8E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd165f2a1c31229255ad6289a425dac435a3b5295e891788b89b4d42c32fa9d7
                                                        • Instruction ID: 00c3c594b0d852414375e33e06b9d42ad38b238c181c70926f8d1cbf19d7570c
                                                        • Opcode Fuzzy Hash: cd165f2a1c31229255ad6289a425dac435a3b5295e891788b89b4d42c32fa9d7
                                                        • Instruction Fuzzy Hash: 9A719FEB15C110BCB145C5826F24EFA676EE7DB730B3284AAFA07D5582E3980F8E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a70423a4b6ca7d6ee9c94c4746851cfa3bdbb8569ebf3ae5a8363a62da379d57
                                                        • Instruction ID: be99981caf6f51188038c527e39237f324fc1d92f0c3dcac7104193c2c05d1c7
                                                        • Opcode Fuzzy Hash: a70423a4b6ca7d6ee9c94c4746851cfa3bdbb8569ebf3ae5a8363a62da379d57
                                                        • Instruction Fuzzy Hash: 1C71A1EB15C110BDB145C5826F64EFA676EE7DB730B32C4AAFA07D6182E3940F4A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e097d423a25b6eccc1ec876e41de6b23111ca35253a33b6d07d39cc683739c4b
                                                        • Instruction ID: 21b6997346e2a6e34dba45b98660e9f5b8e8477a49882bcd6966c188b0ea9a6e
                                                        • Opcode Fuzzy Hash: e097d423a25b6eccc1ec876e41de6b23111ca35253a33b6d07d39cc683739c4b
                                                        • Instruction Fuzzy Hash: 8B61A1EB15C110BCB145C4826F60EFA676EE7DB730B3284A6FA07D6686E3940F8E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5ef0379d173da8f21e261cb1dcb3478b4f2c0ff9c9e3455a209e39e2b77f423c
                                                        • Instruction ID: 45f834bbe7a5812e45b9d4798516529421896ddad7b0793ff60f677d720f0d8b
                                                        • Opcode Fuzzy Hash: 5ef0379d173da8f21e261cb1dcb3478b4f2c0ff9c9e3455a209e39e2b77f423c
                                                        • Instruction Fuzzy Hash: FC517DEB15C114BCB149C5876F20EFA676EE2DB730B3284A6FA07D6681E3940F8A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4ab5a8bd3e508d7d36d972581809dfe56f36e5cf0302c4107fa9a47c7abf9905
                                                        • Instruction ID: f1418fafe0305089c556cb47c269abef34010794d77bb6fea861b26ce2a04a2a
                                                        • Opcode Fuzzy Hash: 4ab5a8bd3e508d7d36d972581809dfe56f36e5cf0302c4107fa9a47c7abf9905
                                                        • Instruction Fuzzy Hash: 5E519FEB15C114BDB149C5836F20AFA676EE6DB730B3284A7F907D5581E3940F8E5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 356a9fd818f1cea677d21d896252e694f8b5c68a5e5ec98d849fbfe68fe762b3
                                                        • Instruction ID: 491b1f226972d1bb86fee6bd3f94553085b3175eeda31103598668e4c6b793ae
                                                        • Opcode Fuzzy Hash: 356a9fd818f1cea677d21d896252e694f8b5c68a5e5ec98d849fbfe68fe762b3
                                                        • Instruction Fuzzy Hash: 2A51D2EB21C110BDB145C1836F60AFA676EE7DBA30B3284A7F907D6586E3944F8A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e0fab8f5c310a50303a989f138480e352cdedb27cc297dc1b3dc951811c7814f
                                                        • Instruction ID: 2cd85a970c2ac9b0902a7ee973fe6ab2b18808bd00734eece95c62b2206fea33
                                                        • Opcode Fuzzy Hash: e0fab8f5c310a50303a989f138480e352cdedb27cc297dc1b3dc951811c7814f
                                                        • Instruction Fuzzy Hash: 4E5190EB15C114BCB149C5876F20EFA676EE6DB730B3284A7F907D5682E3940F8A5131
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c09e27169d4f18aebaac3c57e63336582269d738d2117422110e875457195c85
                                                        • Instruction ID: 974bc300f1352c5feff467f36f222351e41b50384036786b17a9fda48b1ca270
                                                        • Opcode Fuzzy Hash: c09e27169d4f18aebaac3c57e63336582269d738d2117422110e875457195c85
                                                        • Instruction Fuzzy Hash: CB3125E720DA58ADF21A91642F54AF63B6EE3CB730B368437F402D54C2D3D19A4A0271
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 001fd839053fff2293273a3521746b645d1a7eb90b594289adda8a92829842d7
                                                        • Instruction ID: 990787c3a0ad77199846f2af4309e47e4254b70525ea005ef4399fcaf6ed1f32
                                                        • Opcode Fuzzy Hash: 001fd839053fff2293273a3521746b645d1a7eb90b594289adda8a92829842d7
                                                        • Instruction Fuzzy Hash: 4D21DDFB21C114BDB209C4426B50EFB67ADD7CA730B32C4AAF947D6042E3A50F8A9135
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 37fbcf35f276e9a950c66add05ea88198c9d04dd2580e5ac12c34a5dcdf2cdb1
                                                        • Instruction ID: 4986c15e48411206fd4b3885c1bbd2e22eac81b9a7da4710450f68b4086b8b1c
                                                        • Opcode Fuzzy Hash: 37fbcf35f276e9a950c66add05ea88198c9d04dd2580e5ac12c34a5dcdf2cdb1
                                                        • Instruction Fuzzy Hash: 142105E710C995BDF64991642A55AFA3B6EE3CB330F36843BF402D44C2D3D1DA4A0232
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e310b6ac2cedcd8d57dfce45853853a62bc16bb3a82bb520c10f403280e9af4d
                                                        • Instruction ID: 9aa66dda2306228162e285e9c37a03b57720fa97371e6546ce5e3c7905dc855f
                                                        • Opcode Fuzzy Hash: e310b6ac2cedcd8d57dfce45853853a62bc16bb3a82bb520c10f403280e9af4d
                                                        • Instruction Fuzzy Hash: CF3146E315CA55ADE20A41546B11AFA3B6EF3CB330F378426F403E99C2D3D1DA8A4271
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 632076a447973d8fa2a381aa2eb23ae785d63e3cb850e3d2449e209ffd3da40a
                                                        • Instruction ID: bbc1876bf706aba2d87a21286f1640d503a60d99282b8c3c60fc92077cd56a9c
                                                        • Opcode Fuzzy Hash: 632076a447973d8fa2a381aa2eb23ae785d63e3cb850e3d2449e209ffd3da40a
                                                        • Instruction Fuzzy Hash: 3421ACFB26C014BDB209C5826F20FFA636DD6DB730B3284AAF907E2142D3990F4A5135
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2d4b2bb4a5d19d7ab030acda6cbc4a1531a661ce833a16f5e569394a50d3149
                                                        • Instruction ID: 7e486f7746fa5bac6b52129ababe23c269f9b5e2c78fcba1c4dec676ba9b9f0d
                                                        • Opcode Fuzzy Hash: f2d4b2bb4a5d19d7ab030acda6cbc4a1531a661ce833a16f5e569394a50d3149
                                                        • Instruction Fuzzy Hash: 7C2159FB22C114BDB215C5426F20AFA636DD6DA730B3288AAF947E2182D3A50B4A5135
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: acab78349121f139a1c83e6bb069239e115ef6babaaaba6ec9a713f5375a4216
                                                        • Instruction ID: 9c70ddf7548fe81e0d446d093a27e8a8c8f16d101398d29dc66cbd7924ffcd35
                                                        • Opcode Fuzzy Hash: acab78349121f139a1c83e6bb069239e115ef6babaaaba6ec9a713f5375a4216
                                                        • Instruction Fuzzy Hash: 98212CF310C999ADE60991642A55AFA3B5DE78B330F368437F402E94C2D3D19A490261
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9e415e99a7d11c43ff4a9d7d13d8e0fa8c8d602c0850dedeb15dd9578f73a81
                                                        • Instruction ID: df885ba0ed6b44977a303068b62e4e315e2977ce633f82dd091df43ce5adea40
                                                        • Opcode Fuzzy Hash: f9e415e99a7d11c43ff4a9d7d13d8e0fa8c8d602c0850dedeb15dd9578f73a81
                                                        • Instruction Fuzzy Hash: BB2105E314C955ADE20A91642A51AFA3B1EF78B330F368436F442E84C2D3D19A490261
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2b64a1dd56cd7541c09b06a9e5dbd5d4669592e9f9ec8964157fa72810a5290b
                                                        • Instruction ID: b5aab50ab85bec24c47812d9e69a0fc18e53ca8366c42de17caaf640d7711bd3
                                                        • Opcode Fuzzy Hash: 2b64a1dd56cd7541c09b06a9e5dbd5d4669592e9f9ec8964157fa72810a5290b
                                                        • Instruction Fuzzy Hash: 9E2104FA21C010AEB609C1525A54BFB2B7DE7CA230B32C8AAF447D3141E3564F4A8575
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142313094.0000000007140000.00000040.00001000.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7140000_4JpRlHS5uF.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2142492935.00000000071E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_71e0000_4JpRlHS5uF.jbxd