
Windows Analysis Report
jPJaszTDNt.exe

Overview

General Information

Sample name: jPJaszTDNt.exe (renamed because the original name is a hash value)
Original sample name: dbbc02969b37bbafb45593c59fe22dc5.exe
Analysis ID: 1581577
MD5: dbbc02969b37bbafb45593c59fe22dc5
SHA1: e0e8efc28d8e04ad6aa705b8c5459f3a21078310
SHA256: aa9f47a724e58b448f2a941fae2659a2923b68e9c754490bca4a5f027fccfa86
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SIDT)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • jPJaszTDNt.exe (PID: 760 cmdline: "C:\Users\user\Desktop\jPJaszTDNt.exe" MD5: DBBC02969B37BBAFB45593C59FE22DC5)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: jPJaszTDNt.exe | Virustotal: Detection: 55%
Source: jPJaszTDNt.exe | ReversingLabs: Detection: 55%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: jPJaszTDNt.exe | Joe Sandbox ML: detected
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb | source: jPJaszTDNt.exe, 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp

System Summary

Source: jPJaszTDNt.exe | Static PE information: section name: (blank)
Source: jPJaszTDNt.exe | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D1BA
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D19A
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D164
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D17D
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D4F7
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E868E9
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6CF82
Source: jPJaszTDNt.exe, 00000000.00000000.2278500725.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamedefOff.exe. vs jPJaszTDNt.exe
Source: jPJaszTDNt.exe, 00000000.00000002.2428675729.000000000139E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs jPJaszTDNt.exe
Source: jPJaszTDNt.exe | Binary or memory string: OriginalFilenamedefOff.exe. vs jPJaszTDNt.exe
Source: classification engine | Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jPJaszTDNt.exe.log
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: jPJaszTDNt.exe | String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: jPJaszTDNt.exe | String found in binary or memory: 3The file %s is missing. Please, re-install this applicationFDS_WL_
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: ucrtbase_clr0400.dll (2 times)
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Section loaded: sspicli.dll
Source: jPJaszTDNt.exe | Static file information: File size 2798080 > 1048576
Source: jPJaszTDNt.exe | Static PE information: Raw size of ellqfowu is bigger than: 0x100000 < 0x2a2400

Data Obfuscation

Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Unpacked PE file: 0.2.jPJaszTDNt.exe.cd0000.0.unpack :EW;.rsrc:W;.idata :W;ellqfowu:EW;pmacfkxm:EW;.taggant:EW; vs :ER;.rsrc:W; (section rights per section name, E = execute, W = write, R = read; the list before "vs" is what the process had mapped in memory after unpacking, the list after it is what the file on disk declares: the unnamed first section goes from execute/read to execute/write, and the packer's sections ellqfowu, pmacfkxm and .taggant are mapped writable and executable)
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: jPJaszTDNt.exe | Static PE information: real checksum: 0x2b03a6 should be: 0x2bafa2
Source: jPJaszTDNt.exe | Static PE information: section name: (blank)
Source: jPJaszTDNt.exe | Static PE information: section name: .idata
Source: jPJaszTDNt.exe | Static PE information: section name: ellqfowu
Source: jPJaszTDNt.exe | Static PE information: section name: pmacfkxm
Source: jPJaszTDNt.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E5A49C | push ebx; mov dword ptr [esp], edx | at 0_2_00E5A876
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E5A49C | push ecx; mov dword ptr [esp], eax | at 0_2_00E5A936
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E55D10 | push edi; mov dword ptr [esp], 60DDE518h | at 0_2_00E55D4C
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E55D10 | push edx; mov dword ptr [esp], 19302700h | at 0_2_00E55D86
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E55D10 | push 2A2657F2h; mov dword ptr [esp], eax | at 0_2_00E55DAA
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E55D10 | push 037F619Ah; mov dword ptr [esp], ebp | at 0_2_00E55E0E
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E55E7F | push ebx; mov dword ptr [esp], 393C268Ch | at 0_2_00E55F2D
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00CDD0C6 | push 4DA6DD2Bh; mov dword ptr [esp], ebp | at 0_2_00CDD8B1
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00CDF0DE | push eax; mov dword ptr [esp], ecx | at 0_2_00CDF2E6
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00F340E7 | push 014BBFFFh; mov dword ptr [esp], ebx | at 0_2_00F340EF
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00CE10E6 | push 19929B05h; mov dword ptr [esp], ecx | at 0_2_00CE324B
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E580D2 | push 37851FD4h; mov dword ptr [esp], esp | at 0_2_00E586C9
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00F200B7 | push 709666C0h; mov dword ptr [esp], ebp | at 0_2_00F200C3
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00F200B7 | push 4434762Eh; mov dword ptr [esp], esi | at 0_2_00F2011F
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00F200B7 | push edx; mov dword ptr [esp], ebp | at 0_2_00F20208
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E630B0 | push edi; mov dword ptr [esp], ebx | at 0_2_00E63256
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6B0BD | push ebx; ret | at 0_2_00E6B0CC
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00CDF0AD | push 6549ED1Fh; mov dword ptr [esp], ebx | at 0_2_00CDF0B6
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00CE20B1 | push edx; mov dword ptr [esp], esi | at 0_2_00CE3A01
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00F4206A | push ebx; mov dword ptr [esp], ecx | at 0_2_00F42085
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E63042 | push 59A31451h; mov dword ptr [esp], ecx | at 0_2_00E63079
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push eax; mov dword ptr [esp], 12C5C955h | at 0_2_00E6D1EC
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push edx; mov dword ptr [esp], eax | at 0_2_00E6D21E
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push ecx; mov dword ptr [esp], esi | at 0_2_00E6D25A
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push edx; mov dword ptr [esp], 5E5DA090h | at 0_2_00E6D273
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push 135EA8B8h; mov dword ptr [esp], eax | at 0_2_00E6D309
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6D05A | push esi; mov dword ptr [esp], ebx | at 0_2_00E6D314
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E57026 | push 5607D24Eh; mov dword ptr [esp], edx | at 0_2_00E57040
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E57026 | push edx; mov dword ptr [esp], ebp | at 0_2_00E57044
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E57026 | push ecx; mov dword ptr [esp], eax | at 0_2_00E57106
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E57026 | push esi; mov dword ptr [esp], 7AFA4AD5h | at 0_2_00E5710A
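The static findings in the System Summary and Data Obfuscation sections (a blank section name, the random names ellqfowu and pmacfkxm, an entry point inside .taggant, packer sections that are writable and executable, and a stored checksum of 0x2b03a6 where 0x2bafa2 is expected) can all be reproduced from the PE headers with the standard library. The Python below is an added example, not part of the report and not Joe Sandbox code: rather than reading the analysed sample it builds a constructed PE32 image with the same section layout and the report's stale checksum value, and its checksum routine follows the published imagehlp algorithm. On the Code function lines above: `push X; mov dword ptr [esp], Y` overwrites the value just pushed, so each pair is an obfuscated `push Y` and the immediate X is dead, which is what the "call, push, ret" obfuscation signature refers to.

```python
"""Static PE triage for the report's indicators: blank/special/non-standard section
names, entry point outside the code section, writable+executable sections, and a
stored checksum that disagrees with the computed one. Standard library only; the
image from build_sample() is a constructed stand-in, NOT the analysed file."""
import re
import struct

STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                     ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA"}
CODE_SECTIONS = {".text", "CODE"}            # where a linker normally places the entry point
_NAME_OK = re.compile(r"^[A-Za-z0-9._$]+$")  # anything else, including blank, is 'special chars'
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE


def _pe_offset(data):
    """Offset of the PE signature (e_lfanew) after MZ/PE sanity checks."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    return pe

def parse_sections(data):
    """[(name, virtual_address, size, characteristics)] from the section table."""
    pe = _pe_offset(data)
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    table = pe + 24 + struct.unpack_from("<H", data, pe + 20)[0]  # right after the optional header
    out = []
    for i in range(nsect):
        raw, vsize, va, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        out.append((raw.rstrip(b"\0").decode("latin-1"), va, max(vsize, rsize), chars))
    return out

def entry_point_section(data):
    """Name of the section holding AddressOfEntryPoint, or None if it lies in no section."""
    entry = struct.unpack_from("<I", data, _pe_offset(data) + 40)[0]
    for name, va, size, _ in parse_sections(data):
        if va <= entry < va + size:
            return name
    return None

def stored_checksum(data):
    return struct.unpack_from("<I", data, _pe_offset(data) + 88)[0]

def set_checksum(data, value):
    field = _pe_offset(data) + 88
    return data[:field] + struct.pack("<I", value) + data[field + 4:]

def pe_checksum(data):
    """PE checksum as imagehlp's CheckSumMappedFile computes it: dword sum with end-around
    carry, the CheckSum field itself skipped, folded to 16 bits, plus the file length."""
    field = _pe_offset(data) + 88          # dword-aligned in any sane image, so the skip is exact
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == field:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)

def triage(data):
    """(indicator, detail) pairs worded like the report's static signatures."""
    findings = []
    for name, _, _, chars in parse_sections(data):
        if not _NAME_OK.match(name):
            findings.append(("section with special chars", repr(name)))
        elif name not in STANDARD_SECTIONS:
            findings.append(("section with non-standard name", name))
        if chars & MEM_WRITE and chars & MEM_EXECUTE:
            findings.append(("section is writable and executable", repr(name)))
    ep = entry_point_section(data)
    if ep not in CODE_SECTIONS:
        findings.append(("entry point lies outside standard sections", repr(ep)))
    real, expected = stored_checksum(data), pe_checksum(data)
    if real != expected:
        findings.append(("invalid checksum", "real: %#x should be: %#x" % (real, expected)))
    return findings

def build_sample():
    """Constructed PE32 with the report's section set, entry point in .taggant, stale CheckSum."""
    names = [b".text", b".rsrc", b".idata", b"ellqfowu", b"pmacfkxm", b".taggant"]
    rights = {b".text": 0x60000020, b".rsrc": 0xC0000040, b".idata": 0xC0000040}  # rest: R+W+X code
    file_align, sect_align, opt_size = 0x200, 0x1000, 0xE0
    hdr_len = -(-(0x40 + 24 + opt_size + 40 * len(names)) // file_align) * file_align
    table, body = b"", b""
    for i, n in enumerate(names):
        table += struct.pack("<8sIIIIIIHHI", n, file_align, sect_align * (i + 1), file_align,
                             hdr_len + file_align * i, 0, 0, 0, 0, rights.get(n, 0xE0000020))
        body += b"\xcc" * file_align                     # filler, not the sample's code
    entry = sect_align * len(names) + 0x10               # inside .taggant, the last section
    opt = struct.pack("<HBB9I6H4I2H6I", 0x10B, 14, 0, file_align, 0, 0, entry, sect_align,
                      sect_align * 2, 0x400000, sect_align, file_align, 6, 0, 0, 0, 6, 0, 0,
                      sect_align * (len(names) + 1), hdr_len, 0x2B03A6,  # CheckSum: report's stale value
                      3, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x0102)
    headers = dos + coff + opt + table
    return headers + b"\0" * (hdr_len - len(headers)) + body
```

`triage(open(path, "rb").read())` runs the same checks against a real file; a stored checksum of 0 means "not set" rather than "wrong", which Windows accepts for ordinary executables, so treat the mismatch as a packer hint and not as proof of tampering on its own.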

Boot Survival

Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Window searched: window name: FilemonClass (2 times)
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Window searched: window name: PROCMON_WINDOW_CLASS (3 times)
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Window searched: window name: Regmonclass (2 times)
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process information set: NOOPENFILEERRORBOX (16 times)

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E51709 second address: E51711 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E56007 second address: E56041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jng 00007F4E0D52CE7Ch 0x0000000d pushad 0x0000000e jmp 00007F4E0D52CE89h 0x00000013 jmp 00007F4E0D52CE7Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E56184 second address: E56189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E56189 second address: E56191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E56191 second address: E56195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E56195 second address: E5619B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5619B second address: E561C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F4E0D1720D6h 0x0000000d jmp 00007F4E0D1720E5h 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5632A second address: E56352 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE83h 0x00000007 jl 00007F4E0D52CE76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jne 00007F4E0D52CE76h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E564AD second address: E564B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A27D second address: E5A2C0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4E0D52CE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F4E0D52CE85h 0x00000010 nop 0x00000011 add cx, CEFCh 0x00000016 push 00000000h 0x00000018 mov dx, 2056h 0x0000001c push 03C8D88Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 jmp 00007F4E0D52CE7Eh 0x00000029 pop eax 0x0000002a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A2C0 second address: E5A2C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A2C6 second address: E5A30C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 03C8D80Bh 0x0000000f mov dword ptr [ebp+122D243Ah], esi 0x00000015 push 00000003h 0x00000017 jmp 00007F4E0D52CE81h 0x0000001c push 00000000h 0x0000001e mov si, A133h 0x00000022 push 00000003h 0x00000024 jc 00007F4E0D52CE7Ch 0x0000002a mov edx, dword ptr [ebp+122D2D99h] 0x00000030 push 8EDE42BAh 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A30C second address: E5A310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A310 second address: E5A373 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 xor dword ptr [esp], 4EDE42BAh 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F4E0D52CE78h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov dx, CA0Bh 0x0000002c add edi, 7FD2E400h 0x00000032 lea ebx, dword ptr [ebp+12450187h] 0x00000038 push ebx 0x00000039 push edx 0x0000003a jo 00007F4E0D52CE76h 0x00000040 pop edi 0x00000041 pop ecx 0x00000042 xchg eax, ebx 0x00000043 pushad 0x00000044 push ecx 0x00000045 jmp 00007F4E0D52CE81h 0x0000004a pop ecx 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A402 second address: E5A419 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A419 second address: E5A4B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sbb cx, AEBCh 0x00000011 push 00000000h 0x00000013 clc 0x00000014 push 2D0CA1CFh 0x00000019 push esi 0x0000001a jne 00007F4E0D52CE78h 0x00000020 pop esi 0x00000021 xor dword ptr [esp], 2D0CA14Fh 0x00000028 mov edi, dword ptr [ebp+122D2ED9h] 0x0000002e push 00000003h 0x00000030 pushad 0x00000031 mov eax, dword ptr [ebp+122D2CB1h] 0x00000037 stc 0x00000038 popad 0x00000039 push 00000000h 0x0000003b mov ecx, 062DFAB4h 0x00000040 push 00000003h 0x00000042 jmp 00007F4E0D52CE87h 0x00000047 call 00007F4E0D52CE79h 0x0000004c jg 00007F4E0D52CE84h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F4E0D52CE7Dh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A4B5 second address: E5A4DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F4E0D1720DBh 0x00000012 mov eax, dword ptr [eax] 0x00000014 push edi 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A584 second address: E5A5DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c movzx esi, cx 0x0000000f mov dword ptr [ebp+122D1E37h], ecx 0x00000015 push 00000000h 0x00000017 mov ecx, dword ptr [ebp+122D2DB1h] 0x0000001d call 00007F4E0D52CE79h 0x00000022 jmp 00007F4E0D52CE7Fh 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a js 00007F4E0D52CE7Ch 0x00000030 je 00007F4E0D52CE76h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A5DC second address: E5A5E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F4E0D1720D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A5E7 second address: E5A5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A5FA second address: E5A629 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4E0D1720D8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F4E0D1720E8h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A629 second address: E5A62D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E5A62D second address: E5A63B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F4E0D1720DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7A025 second address: E7A03E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4E0D52CE81h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7A03E second address: E7A048 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4E0D1720DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E782C3 second address: E782C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7857F second address: E78583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E78583 second address: E78587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E78587 second address: E7858D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E786DC second address: E7870A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4E0D52CE78h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F4E0D52CE82h 0x00000012 jno 00007F4E0D52CE7Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7870A second address: E78728 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4E0D1720E5h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E78D9E second address: E78DB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4E0D52CE76h 0x00000009 jns 00007F4E0D52CE76h 0x0000000f jno 00007F4E0D52CE76h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E78EFA second address: E78F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7907B second address: E7908F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E0D52CE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4E0D52CE7Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E791FB second address: E791FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E791FF second address: E79216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E0D52CE81h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E798C2 second address: E798CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E798CF second address: E79901 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE81h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F4E0D52CE76h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 jg 00007F4E0D52CE78h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 push edi 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79901 second address: E79913 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4E0D1720D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F4E0D1720D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79913 second address: E79919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79919 second address: E7993A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720E7h 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F4E0D1720D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7993A second address: E7993E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BBB second address: E79BBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BBF second address: E79BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BCB second address: E79BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BD1 second address: E79BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BD5 second address: E79BF2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4E0D1720E7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E79BF2 second address: E79C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jo 00007F4E0D52CE76h 0x0000000b popad 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jl 00007F4E0D52CE76h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7C2F9 second address: E7C2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7C2FD second address: E7C306 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7EE3C second address: E7EE41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7F0B8 second address: E7F0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7F0BC second address: E7F121 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jmp 00007F4E0D1720E3h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F4E0D1720DDh 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F4E0D1720E5h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jnp 00007F4E0D1720D6h 0x0000002a jmp 00007F4E0D1720E4h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E7F293 second address: E7F299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E85ADA second address: E85AE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E85AE0 second address: E85AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E863BB second address: E863D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E0D1720DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E8838B second address: E8839D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 js 00007F4E0D52CE76h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | RDTSC instruction interceptor: First address: E8839D second address: E883E2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4E0D1720D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F4E0D1720D8h 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 jmp 00007F4E0D1720E1h 0x0000001b pop eax 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 je 00007F4E0D1720D6h 0x00000028 popad 0x00000029 push edx 0x0000002a push eax 0x0000002b pop eax 0x0000002c pop edx 0x0000002d popad 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 push edi 0x00000036 pop edi 0x00000037 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E883E2 second address: E88439 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4E0D52CE7Ah 0x0000000e popad 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F4E0D52CE78h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a add dword ptr [ebp+122D1CEAh], ecx 0x00000030 push 5569D289h 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F4E0D52CE7Dh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E889BC second address: E889C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E889C0 second address: E889C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E88AA5 second address: E88AC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E89136 second address: E8913C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8913C second address: E89176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 js 00007F4E0D1720D6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F4E0D1720D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov esi, dword ptr [ebp+122D2E25h] 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushad 0x00000032 popad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E89176 second address: E8917B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8917B second address: E89181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E89181 second address: E89185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E894B3 second address: E894B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E894B7 second address: E894BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E894BD second address: E894C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8A53C second address: E8A557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E0D52CE87h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8A557 second address: E8A55B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8BE26 second address: E8BE34 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4E0D52CE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8BE34 second address: E8BE38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8DB67 second address: E8DB6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8DB6C second address: E8DB8B instructions: 0x00000000 rdtsc 0x00000002 je 00007F4E0D1720E7h 0x00000008 jmp 00007F4E0D1720DFh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8DB8B second address: E8DB91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8DB91 second address: E8DB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8DB99 second address: E8DBA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnl 00007F4E0D52CE76h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8E1FC second address: E8E200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8EE9E second address: E8EEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D52CE87h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8EB83 second address: E8EB87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8EEBA second address: E8EED0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8F847 second address: E8F84C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8F84C second address: E8F852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8F852 second address: E8F894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F4E0D1720D8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 push 00000000h 0x00000026 xor dword ptr [ebp+1244DF6Bh], edi 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+124492DEh], edi 0x00000034 xchg eax, ebx 0x00000035 pushad 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E8F894 second address: E8F8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4E0D52CE76h 0x0000000a popad 0x0000000b jo 00007F4E0D52CE7Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E900C7 second address: E900CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91D4C second address: E91D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D52CE80h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E90B18 second address: E90B26 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F4E0D1720D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91D60 second address: E91D88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnl 00007F4E0D52CE76h 0x00000010 jl 00007F4E0D52CE76h 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E90B26 second address: E90B2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91D88 second address: E91DBB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4E0D52CE76h 0x00000008 jc 00007F4E0D52CE76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 ja 00007F4E0D52CE7Ah 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jnp 00007F4E0D52CE82h 0x0000001f jnl 00007F4E0D52CE76h 0x00000025 ja 00007F4E0D52CE76h 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E90B2A second address: E90B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F4E0D1720E9h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91DBB second address: E91DBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91DBF second address: E91DD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E91DD9 second address: E91DE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4E0D52CE76h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E939DC second address: E93A29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 nop 0x00000007 sub dword ptr [ebp+122D275Eh], edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F4E0D1720D8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 jc 00007F4E0D1720DFh 0x0000002f pushad 0x00000030 jnl 00007F4E0D1720D6h 0x00000036 stc 0x00000037 popad 0x00000038 mov edi, ebx 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D23C7h] 0x00000042 mov di, E1E2h 0x00000046 push eax 0x00000047 pushad 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E949D3 second address: E94A43 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4E0D52CE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F4E0D52CE78h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 push edx 0x00000029 mov di, cx 0x0000002c pop edi 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F4E0D52CE78h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 push 00000000h 0x0000004b mov ebx, dword ptr [ebp+122D2C41h] 0x00000051 push eax 0x00000052 jp 00007F4E0D52CE8Fh 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F4E0D52CE7Dh 0x0000005f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E94A43 second address: E94A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9719F second address: E971A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E94B7A second address: E94C4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b jmp 00007F4E0D1720DBh 0x00000010 pop esi 0x00000011 nop 0x00000012 cld 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F4E0D1720D8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 mov ebx, 273E7954h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D232Ch], esi 0x00000046 mov eax, dword ptr [ebp+122D07CDh] 0x0000004c push 00000000h 0x0000004e push ecx 0x0000004f call 00007F4E0D1720D8h 0x00000054 pop ecx 0x00000055 mov dword ptr [esp+04h], ecx 0x00000059 add dword ptr [esp+04h], 0000001Dh 0x00000061 inc ecx 0x00000062 push ecx 0x00000063 ret 0x00000064 pop ecx 0x00000065 ret 0x00000066 mov dword ptr [ebp+122D3C58h], esi 0x0000006c movsx ebx, cx 0x0000006f push FFFFFFFFh 0x00000071 call 00007F4E0D1720E1h 0x00000076 sub edi, 20F0C22Dh 0x0000007c pop ebx 0x0000007d nop 0x0000007e jmp 00007F4E0D1720E1h 0x00000083 push eax 0x00000084 push eax 0x00000085 push edx 0x00000086 jnp 00007F4E0D1720E9h 0x0000008c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E94C4E second address: E94C54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E98247 second address: E9824B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E973D1 second address: E973D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9839D second address: E983A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9A146 second address: E9A188 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E0D52CE8Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F4E0D52CE84h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F4E0D52CE7Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9C2DA second address: E9C2E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jc 00007F4E0D1720D6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9C2E8 second address: E9C377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F4E0D52CE78h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 or dword ptr [ebp+122D1FACh], eax 0x00000029 push 00000000h 0x0000002b add ebx, 31E7B316h 0x00000031 push 00000000h 0x00000033 mov dword ptr [ebp+1245E33Eh], ecx 0x00000039 call 00007F4E0D52CE89h 0x0000003e pushad 0x0000003f mov dword ptr [ebp+122D3B3Ah], ebx 0x00000045 call 00007F4E0D52CE87h 0x0000004a pop ecx 0x0000004b popad 0x0000004c pop edi 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F4E0D52CE84h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9B649 second address: E9B653 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4E0D1720D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9D2EA second address: E9D2F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9D2F0 second address: E9D2F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9C4BA second address: E9C4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9C4C0 second address: E9C4C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9C4C5 second address: E9C4DF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4E0D52CE7Ch 0x00000008 jc 00007F4E0D52CE76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jnl 00007F4E0D52CE7Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E384 second address: E9E38A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E38A second address: E9E38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E38E second address: E9E392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E392 second address: E9E3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E3A0 second address: E9E3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E3A4 second address: E9E422 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F4E0D52CE78h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 mov edi, 5B31703Eh 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007F4E0D52CE78h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 mov bl, ch 0x00000048 push 00000000h 0x0000004a mov bx, 3CE9h 0x0000004e xchg eax, esi 0x0000004f jmp 00007F4E0D52CE87h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 jl 00007F4E0D52CE76h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E422 second address: E9E428 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E428 second address: E9E432 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4E0D52CE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EA0476 second address: EA047C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EA255C second address: EA25DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F4E0D52CE76h 0x00000009 jmp 00007F4E0D52CE81h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 jne 00007F4E0D52CE76h 0x0000001a pop eax 0x0000001b jmp 00007F4E0D52CE85h 0x00000020 popad 0x00000021 nop 0x00000022 push 00000000h 0x00000024 xor di, 9CD8h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebx 0x0000002e call 00007F4E0D52CE78h 0x00000033 pop ebx 0x00000034 mov dword ptr [esp+04h], ebx 0x00000038 add dword ptr [esp+04h], 00000019h 0x00000040 inc ebx 0x00000041 push ebx 0x00000042 ret 0x00000043 pop ebx 0x00000044 ret 0x00000045 or ebx, 37775AA7h 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f jmp 00007F4E0D52CE7Fh 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EA25DF second address: EA25E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E552 second address: E9E557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E557 second address: E9E578 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720E2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F4E0D1720DCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E578 second address: E9E57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9F5DD second address: E9F5F3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4E0D1720D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jl 00007F4E0D1720DCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E9E57C second address: E9E60D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007F4E0D52CE84h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 add edi, dword ptr [ebp+122D2E05h] 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F4E0D52CE78h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e or ebx, 0F782E53h 0x00000044 mov eax, dword ptr [ebp+122D0FC1h] 0x0000004a mov ebx, edi 0x0000004c push FFFFFFFFh 0x0000004e pushad 0x0000004f xor dword ptr [ebp+122D2223h], eax 0x00000055 mov dword ptr [ebp+122DB698h], esi 0x0000005b popad 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push esi 0x00000060 jmp 00007F4E0D52CE88h 0x00000065 pop esi 0x00000066 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EA34C7 second address: EA34D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E87A71 second address: E87AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4E0D1720D6h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edx, dword ptr [ebp+122D1DB2h] 0x00000015 mov ebx, dword ptr [ebp+1247CB8Fh] 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F4E0D1720D8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 add eax, ebx 0x00000037 mov ecx, 1488F0C7h 0x0000003c push eax 0x0000003d push ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E87AB5 second address: E87B0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F4E0D52CE78h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push esi 0x00000025 sub dword ptr [ebp+122D1D8Fh], edx 0x0000002b pop edx 0x0000002c jmp 00007F4E0D52CE84h 0x00000031 push 00000004h 0x00000033 sub dword ptr [ebp+122D1D8Fh], ebx 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: E87B0A second address: E87B0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EE9239 second address: EE925B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE7Ah 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F4E0D52CE7Eh 0x00000011 jns 00007F4E0D52CE76h 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EE925B second address: EE925F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED5A7 second address: EED5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D52CE84h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F4E0D52CE88h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED5DE second address: EED5E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED5E4 second address: EED5F2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED864 second address: EED86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED86B second address: EED871 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED871 second address: EED877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED877 second address: EED87B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EED87B second address: EED88F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4E0D1720D6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F4E0D1720D6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EEDB94 second address: EEDB98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EEDB98 second address: EEDB9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF102D second address: EF1033 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF0738 second address: EF073E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF0D81 second address: EF0D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF953E second address: EF9553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D1720E1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7636 second address: EF763A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7912 second address: EF7918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7918 second address: EF7927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7927 second address: EF792B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF792B second address: EF7964 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4E0D52CE76h 0x00000008 jl 00007F4E0D52CE76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F4E0D52CE85h 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007F4E0D52CE76h 0x0000001d jmp 00007F4E0D52CE7Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7C07 second address: EF7C0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7C0B second address: EF7C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF7C11 second address: EF7C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jc 00007F4E0D1720D6h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8175 second address: EF8185 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4E0D52CE76h 0x00000008 jo 00007F4E0D52CE76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8185 second address: EF818B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF818B second address: EF8191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8191 second address: EF8195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF846C second address: EF8499 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4E0D52CE82h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8499 second address: EF849D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8A40 second address: EF8A4A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4E0D52CE7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8A4A second address: EF8A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F4E0D1720E4h 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop esi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F4E0D1720DEh 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8A7E second address: EF8A82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8A82 second address: EF8A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D1720DFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8A97 second address: EF8A9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8D60 second address: EF8D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8D64 second address: EF8D68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8D68 second address: EF8D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EF8D6E second address: EF8D7E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 jp 00007F4E0D52CE7Eh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: EFEC7A second address: EFEC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4E0D1720DDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F020E4 second address: F02113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F4E0D52CE76h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4E0D52CE7Fh 0x00000015 jmp 00007F4E0D52CE80h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F026B2 second address: F026C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4E0D1720D6h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F4E0D1720D6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F026C7 second address: F026CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F026CB second address: F026CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F026CF second address: F026E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4E0D52CE76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jc 00007F4E0D52CE76h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0B86E second address: F0B874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F09ACE second address: F09B02 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4E0D52CE81h 0x00000008 pop ecx 0x00000009 push ecx 0x0000000a jmp 00007F4E0D52CE86h 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F09B02 second address: F09B06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A0A0 second address: F0A0B0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F4E0D52CE76h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A0B0 second address: F0A0D7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4E0D1720D6h 0x00000008 jc 00007F4E0D1720D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F4E0D1720E4h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A376 second address: F0A38D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4E0D52CE76h 0x0000000a pop edx 0x0000000b pushad 0x0000000c pushad 0x0000000d js 00007F4E0D52CE76h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A38D second address: F0A3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D1720E2h 0x00000009 popad 0x0000000a push ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A3AB second address: F0A3B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A51B second address: F0A526 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A526 second address: F0A547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4E0D52CE76h 0x0000000a jmp 00007F4E0D52CE86h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A547 second address: F0A57D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F4E0D1720EAh 0x0000000c jmp 00007F4E0D1720E2h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 ja 00007F4E0D1720E2h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A6E9 second address: F0A6ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A6ED second address: F0A6F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A6F3 second address: F0A701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F4E0D52CE76h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A701 second address: F0A705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A705 second address: F0A70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A873 second address: F0A879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A879 second address: F0A87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A87D second address: F0A883 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0A883 second address: F0A889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0AEA1 second address: F0AEA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0AEA6 second address: F0AEC7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4E0D52CE7Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F4E0D52CE86h 0x00000010 jl 00007F4E0D52CE78h 0x00000016 push eax 0x00000017 pop eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F09490 second address: F09494 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0FA36 second address: F0FA47 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F4E0D52CE7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0FA47 second address: F0FA4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0F87E second address: F0F888 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4E0D52CE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0F888 second address: F0F88D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F0F88D second address: F0F895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1337C second address: F13382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F13382 second address: F1339E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4E0D52CE7Eh 0x0000000a je 00007F4E0D52CE91h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1339E second address: F133A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F134EE second address: F134F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F134F4 second address: F13512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F4E0D1720D6h 0x0000000d jmp 00007F4E0D1720E0h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1FC6A second address: F1FC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4E0D52CE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1FC74 second address: F1FCA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4E0D1720E4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1FCA4 second address: F1FCA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F1FCA8 second address: F1FCAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F23186 second address: F2318C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F2318C second address: F23192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F276AB second address: F276AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F2C1A2 second address: F2C1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 ja 00007F4E0D1720DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3667E second address: F36682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F36682 second address: F36692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4E0D1720DEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F36528 second address: F3652C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3652C second address: F36530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F36530 second address: F36538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3DAD1 second address: F3DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C5B6 second address: F3C5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C6E4 second address: F3C705 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4E0D1720D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4E0D1720E3h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C705 second address: F3C70E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C866 second address: F3C87B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4E0D1720DFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C87B second address: F3C885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C885 second address: F3C890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3C890 second address: F3C894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3CCB9 second address: F3CCBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3CCBD second address: F3CCC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3CCC7 second address: F3CCCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F3CCCB second address: F3CCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4D583 second address: F4D587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4D587 second address: F4D59F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4E0D52CE7Bh 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4D59F second address: F4D5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4D5A5 second address: F4D5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4D5A9 second address: F4D5B3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4E0D1720D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4ED3E second address: F4ED44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F4ED44 second address: F4ED48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5A9E9 second address: F5A9ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5A9ED second address: F5A9F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5A9F1 second address: F5A9FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5A9FC second address: F5AA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5D7EA second address: F5D80B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D52CE87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5D80B second address: F5D813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5D813 second address: F5D81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F5D81B second address: F5D831 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4E0D1720D6h 0x0000000a popad 0x0000000b pushad 0x0000000c jbe 00007F4E0D1720D6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F64F54 second address: F64F8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F4E0D52CE76h 0x00000009 jng 00007F4E0D52CE76h 0x0000000f jmp 00007F4E0D52CE80h 0x00000014 popad 0x00000015 jns 00007F4E0D52CE7Ch 0x0000001b je 00007F4E0D52CE76h 0x00000021 pop edx 0x00000022 pop eax 0x00000023 push ebx 0x00000024 push eax 0x00000025 jl 00007F4E0D52CE76h 0x0000002b pop eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F65525 second address: F65539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F65539 second address: F65559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4E0D52CE89h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F65559 second address: F6555D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F657E4 second address: F657F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F4E0D52CE76h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F657F3 second address: F657FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F657FB second address: F6580C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4E0D52CE7Bh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F68970 second address: F68990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4E0D1720E7h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6E009 second address: F6E00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6E00D second address: F6E011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6F8E6 second address: F6F8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6F8EC second address: F6F8F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6F8F2 second address: F6F8F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F6F8F6 second address: F6F8FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F73203 second address: F73207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F73207 second address: F73212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F73212 second address: F73218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F68C3E second address: F68C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F4E0D1720D6h 0x0000000d jne 00007F4E0D1720D6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F68C51 second address: F68C5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exeRDTSC instruction interceptor: First address: F68C5B second address: F68C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4E0D1720DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Special instruction interceptor: First address: E7D732 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Special instruction interceptor: First address: F18BCC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Memory allocated: 5090000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Memory allocated: 5200000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Memory allocated: 7200000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6B047 rdtsc 0_2_00E6B047
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6AC8E sidt fword ptr [esp-02h] 0_2_00E6AC8E
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\jPJaszTDNt.exe TID: 516 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00EB774C GetSystemInfo,VirtualAlloc, 0_2_00EB774C
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Thread delayed: delay time: 922337203685477
Source: jPJaszTDNt.exe, 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: jPJaszTDNt.exe, 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File opened: NTICE
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File opened: SICE
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6B047 rdtsc 0_2_00E6B047
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Code function: 0_2_00E6B047 LdrInitializeThunk, 0_2_00E6B047
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Memory allocated: page read and write | page guard
Source: jPJaszTDNt.exe, 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Program Manager

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\jPJaszTDNt.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 41 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Bypass User Account Control | 271 Virtualization/Sandbox Evasion | Security Account Manager | 271 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Bypass User Account Control | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label
jPJaszTDNt.exe | 56% | Virustotal |
jPJaszTDNt.exe | 55% | ReversingLabs | Win32.Trojan.Amadey
jPJaszTDNt.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1581577
    Start date and time:2024-12-28 09:28:10 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 45s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed:4
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:jPJaszTDNt.exe
    renamed because original name is a hash value
    Original Sample Name:dbbc02969b37bbafb45593c59fe22dc5.exe
    Detection:MAL
    Classification:mal100.evad.winEXE@1/1@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
    • Excluded IPs from analysis (whitelisted): 13.107.246.63
    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    Time | Type | Description
    09:29:09 | Task Scheduler | Run new task: {EECCBF9B-12FB-4B0B-BA5E-C0DF5700B4B0} path: .
    No context
    Match | Associated Sample Name / URL | Detection | Threat Name | Context
    s-part-0035.t-0009.t-msedge.net | http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=h | malicious | HTMLPhisher | 13.107.246.63
    | http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4u | malicious | HTMLPhisher | 13.107.246.63
    | eYAXkcBRfQ.exe | malicious | LummaC | 13.107.246.63
    | JpzbUfhXi0.exe | malicious | LummaC | 13.107.246.63
    | 738KZNfnzz.exe | malicious | LummaC | 13.107.246.63
    | LPO-0048532025.lnk | malicious | DarkVision Rat | 13.107.246.63
    | O53VxanH6A.exe | malicious | LummaC | 13.107.246.63
    | IzDjbVdHha.exe | malicious | LummaC | 13.107.246.63
    | zox1oNM5Xl.exe | malicious | Unknown | 13.107.246.63
    | JA7cOAGHym.exe | malicious | Vidar | 13.107.246.63
    No context
    Process:C:\Users\user\Desktop\jPJaszTDNt.exe
    File Type:CSV text
    Category:dropped
    Size (bytes):226
    Entropy (8bit):5.360398796477698
    Encrypted:false
    SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
    MD5:3A8957C6382192B71471BD14359D0B12
    SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
    SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
    SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
    Malicious:true
    Reputation:high, very likely benign file
    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..
    File type:PE32 executable (GUI) Intel 80386, for MS Windows
    Entropy (8bit):6.446016711725402
    TrID:
    • Win32 Executable (generic) a (10002005/4) 99.96%
    • Generic Win/DOS Executable (2004/3) 0.02%
    • DOS Executable Generic (2002/1) 0.02%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:jPJaszTDNt.exe
    File size:2'798'080 bytes
    MD5:dbbc02969b37bbafb45593c59fe22dc5
    SHA1:e0e8efc28d8e04ad6aa705b8c5459f3a21078310
    SHA256:aa9f47a724e58b448f2a941fae2659a2923b68e9c754490bca4a5f027fccfa86
    SHA512:f9991bb43013a3fbb2e2df1f66d0152743d8d6727da7d6051499237ed7d8c3a3a4a99e91c5667b02d58fa525c64d507fa2d274be55c8606949dd5f5bd400ee64
    SSDEEP:49152:HFXhUyygDjwKkxf/8zWdtPq5+CKlsHtPv:HFXhUyygDsKkxf/867PU+XiNP
    TLSH:50D55C92B64976CFD48F1774D627CE82A85D83BA472009C3986EB47D7E73CC105B9E28
    File Content Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+.......+...`................................
    Icon Hash:00928e8e8686b000
    Entrypoint:0x6b0000
    Entrypoint Section:.taggant
    Digitally signed:false
    Imagebase:0x400000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE
    Time Stamp:0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:4
    OS Version Minor:0
    File Version Major:4
    File Version Minor:0
    Subsystem Version Major:4
    Subsystem Version Minor:0
    Import Hash:2eabe9054cad5152567f0699947a2c5b
    Instruction
    jmp 00007F4E0CC68D1Ah
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8055 | 0x69 | .idata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x544 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81f8 | 0x8 | .idata
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    | 0x2000 | 0x4000 | 0x4000 | 6b182ab0f73acac6d30f12eee79fd42e | False | 0.33685302734375 | PGP Secret Sub-key - | 5.171800323067565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc | 0x6000 | 0x544 | 0x600 | 66f1faa8706f0a4070d24696bcded2f0 | False | 0.408203125 | data | 4.460395930973943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .idata | 0x8000 | 0x2000 | 0x200 | ec9cb51e8cb4ea49a56ee3cf434fb69e | False | 0.1484375 | data | 0.9342685949460681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    ellqfowu | 0xa000 | 0x2a4000 | 0x2a2400 | 936c022b8c17b70ea85589a5ec1bad73 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    pmacfkxm | 0x2ae000 | 0x2000 | 0x400 | 98873a2f7286c90d3ffa8d56cf0f62f0 | False | 0.7685546875 | data | 6.124261600840914 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .taggant | 0x2b0000 | 0x4000 | 0x2200 | c0157e81de90d9212a8eb19ab26c00e7 | False | 0.06100643382352941 | DOS executable (COM) | 0.7604347408670606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    RT_VERSION | 0x60a0 | 0x30c | data | | | 0.42948717948717946
    RT_MANIFEST | 0x63ac | 0x198 | ASCII text, with CRLF line terminators | | | 0.5833333333333334
    DLL | Import
    kernel32.dll | lstrcpy
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Dec 28, 2024 09:29:13.274907112 CET | 1.1.1.1 | 192.168.2.6 | 0xb54 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
    Dec 28, 2024 09:29:13.274907112 CET | 1.1.1.1 | 192.168.2.6 | 0xb54 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
    Target ID:0
    Start time:03:29:18
    Start date:28/12/2024
    Path:C:\Users\user\Desktop\jPJaszTDNt.exe
    Wow64 process (32bit):true
    Commandline:"C:\Users\user\Desktop\jPJaszTDNt.exe"
    Imagebase:0xcd0000
    File size:2'798'080 bytes
    MD5 hash:DBBC02969B37BBAFB45593C59FE22DC5
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true


      Execution Graph

      Execution Coverage:3.8%
      Dynamic/Decrypted Code Coverage:12.7%
      Signature Coverage:19.7%
      Total number of Nodes:71
      Total number of Limit Nodes:9

      Control-flow Graph

      Control-flow graph of the function at eb774c (rendered as an image in the original report; its basic-block edge list is omitted here): basic blocks eb774c through eb78e1, calling GetSystemInfo, VirtualAlloc and the internal routines eb7a98 and eb78e2.
      APIs
      • GetSystemInfo.KERNELBASE(?,-115F5FEC), ref: 00EB7758
      • VirtualAlloc.KERNELBASE(00000000,00004000,00001000,00000004), ref: 00EB77B9
      Memory Dump Source
      • Source File: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: AllocInfoSystemVirtual
      • String ID:
      • API String ID: 3440192736-0
      • Opcode ID: 53c4ad25324eeb7516eb4e24510202e25c228865797329b5cf5a8a01965f082a
      • Instruction ID: 53d7a9276695c024dbbc6d0f33e58e0a9e0f7d08b84c968d1b21be3b77dc8ace
      • Opcode Fuzzy Hash: 53c4ad25324eeb7516eb4e24510202e25c228865797329b5cf5a8a01965f082a
      • Instruction Fuzzy Hash: 21412371D04207EAE729DE60C845FD7B7ACFB48745F0040A6B243EA882E77095D4CBE4
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 542871aaeefa4385124657698d589002736e7f33ac5748ab4d56bf32d0b86506
      • Instruction ID: 4ffb20921115efb17abea9a3d0f4e9b95146ab050acfac3587b55ee038b35a9e
      • Opcode Fuzzy Hash: 542871aaeefa4385124657698d589002736e7f33ac5748ab4d56bf32d0b86506
      • Instruction Fuzzy Hash: A2E02673888A88DEC3B1AF285612367BF69F70A760F50D429D01AD3901C33800804240

      Control-flow Graph

      Control-flow graph of the function at e63879 (rendered as an image in the original report; its basic-block edge list is omitted here): basic blocks e63879 through e63bf8, with two RegOpenKeyA call sites (e63b1b and e63b42) and a GetNativeSystemInfo call at e63ba3.
      APIs
      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 00E63B2E
      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 00E63B55
      • GetNativeSystemInfo.KERNELBASE(?), ref: 00E63BAC
      Memory Dump Source
      • Source File: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: Open$InfoNativeSystem
      • String ID:
      • API String ID: 1247124224-0
      • Opcode ID: c385d6a221a1aea774de6d09b15fa4971cda1ae4352e6d6dfbd94c16b4d464fc
      • Instruction ID: b084b88dda93328e16bdaac79157578933a98120b0434ffa4e147c976632d455
      • Opcode Fuzzy Hash: c385d6a221a1aea774de6d09b15fa4971cda1ae4352e6d6dfbd94c16b4d464fc
      • Instruction Fuzzy Hash: D921227104020E9EEF11DF20C848BEF3BA5EB55354F001626E98296842DBB64DA4DF19

      Control-flow Graph

      Control-flow graph of the function entered at e5a50f (rendered as an image in the original report; its basic-block edge list is omitted here): basic blocks e5a4b9 through e5a9cb, with a CreateFileA call at e5a54d-e5a55f and calls to the internal routines e5a749 and e5a5be.
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: 8db8fd64795d1c4f046e6a1e9cd6d0f006a55bbb3e7044746f04a8d4f31acde7
      • Instruction ID: a38aac82728c1781d782d7786288c9b507dfe8f4f29c395206d32011a9acd707
      • Opcode Fuzzy Hash: 8db8fd64795d1c4f046e6a1e9cd6d0f006a55bbb3e7044746f04a8d4f31acde7
      • Instruction Fuzzy Hash: 43617BB654C2556FD3018F685854BFA3BA8EB96332F2C1E7BEC41E7542E2914D0D9332

      Control-flow Graph

      Control-flow graph of the function at e5a49c (rendered as an image in the original report; its basic-block edge list is omitted here): basic blocks e5a49c through e5a9cb, with a CreateFileA call at e5a54d-e5a55f and calls to the internal routines e5a749 and e5a5be.
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
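The control_flow_graph line above is a flattened edge list, and the five entries in this section are overlapping views of one function body (start addresses e5a49c, e5a4af, e5a578, e5a4cf and e5a4e4): each graph contains the same CreateFileA block at e5a54d-e5a55f, except the e5a578 entry, which begins after it yet still lists the call at 00E5A55A under APIs, and each graph ends in the same self-loop at e5a9cb (the report does not say what that block does). The parser below is an added example, not Joe Sandbox code; CFG_TEXT is copied from the first entry on this page, and the token grammar it assumes (a decimal node id followed by an address range, optional `ApiName` or `call <addr>` annotations on the current block, and `a->b` edges) is inferred from that text. It recovers the branch outcomes after the CreateFileA block (e5a565 continues into the e5a5b5..e5a608 loop that calls e5a5be; e5a72c calls e5a749 and has no further edges), the shortest path from the entry block to the API call, and the blocks where the function can end.

```python
"""Parse a Joe Sandbox control_flow_graph line and summarise where the API call sits.

Added example, not Joe Sandbox code. CFG_TEXT is copied from the first function
entry on this page (start e5a49c). The token grammar (node id, address range,
optional 'ApiName' or 'call <addr>' annotation on the current block, 'a->b'
edges) is inferred from that text and is an assumption.
"""
import re
from collections import deque

CFG_TEXT = (
    "control_flow_graph 76 e5a49c-e5a4f7 83 e5a4fd 76->83 84 e5a509-e5a531 76->84 "
    "83->84 85 e5a503-e5a508 83->85 87 e5a537 84->87 88 e5a53d-e5a543 84->88 85->84 "
    "87->88 89 e5a54d-e5a55f CreateFileA 88->89 90 e5a549-e5a54c 88->90 "
    "91 e5a565-e5a5af 89->91 92 e5a72c-e5a746 call e5a749 89->92 90->89 "
    "97 e5a5b5-e5a5d0 call e5a5be 91->97 100 e5a5d6 97->100 101 e5a5dc-e5a5fc 97->101 "
    "100->101 103 e5a604-e5a608 101->103 104 e5a602-e5a603 101->104 103->97 "
    "105 e5a60a-e5a63a 103->105 104->103 107 e5a63c-e5a64c 105->107 108 e5a6b8 105->108 "
    "111 e5a652 107->111 112 e5a66e-e5a68c 107->112 110 e5a6b9 108->110 "
    "113 e5a6ba-e5a6bb 110->113 111->112 114 e5a658 111->114 115 e5a694-e5a6aa 112->115 "
    "116 e5a692-e5a693 112->116 117 e5a6c1 113->117 118 e5a6dd-e5a84d 113->118 114->112 "
    "115->113 119 e5a6b0-e5a6b3 115->119 116->115 117->118 120 e5a6c7 117->120 "
    "122 e5a84f-e5a856 118->122 123 e5a858-e5a86c 118->123 119->110 120->118 122->123 "
    "124 e5a86d-e5a9c9 122->124 123->124 132 e5a9cb 124->132 132->132"
)

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
NODE_RE = re.compile(r"^\d+$")


def parse_cfg(text):
    """Return (nodes, edges): nodes maps id -> {start, end, calls} in listing
    order; edges is the list of (src, dst) ids in listing order."""
    tokens = text.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    nodes, edges, current, i = {}, [], None, 1
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            edges.append((edge.group(1), edge.group(2)))
            i += 1
        elif NODE_RE.match(tok):
            # A node id is always followed by "start-end" or a lone "start".
            start, _, end = tokens[i + 1].partition("-")
            nodes[tok] = {"start": start, "end": end or start, "calls": []}
            current, i = tok, i + 2
        elif current is None:
            raise ValueError("annotation %r before any node" % tok)
        elif tok == "call":
            # "call <addr>": intra-module call made from the current block.
            nodes[current]["calls"].append("call " + tokens[i + 1])
            i += 2
        else:
            # Anything else is an imported API name attached to the current block.
            nodes[current]["calls"].append(tok)
            i += 1
    return nodes, edges


def successors(edges):
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, []).append(dst)
    return succ


def shortest_path(edges, src, dst):
    """Breadth-first search over the edge list; returns the node-id path or None."""
    succ, prev, queue = successors(edges), {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in succ.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def summarize(text):
    """Entry block, blocks that call an imported API, what each API block
    branches to, how the entry reaches it, and where the function can end."""
    nodes, edges = parse_cfg(text)
    succ = successors(edges)
    entry = next(iter(nodes))  # first listed block is the function start
    api_blocks = {n for n, b in nodes.items()
                  if any(not c.startswith("call ") for c in b["calls"])}
    return {
        "entry": entry,
        "api_blocks": api_blocks,
        "outcomes": {n: succ.get(n, []) for n in api_blocks},
        "paths": {n: shortest_path(edges, entry, n) for n in api_blocks},
        "self_loops": {s for s, d in edges if s == d},
        # A sink has no edge to a different block: a call that never comes
        # back into this graph, or a block spinning on itself.
        "sinks": {n for n in nodes if not [d for d in succ.get(n, []) if d != n]},
    }


if __name__ == "__main__":
    nodes, _ = parse_cfg(CFG_TEXT)
    report = summarize(CFG_TEXT)
    for key, value in report.items():
        print(key, value)
    print("sink addresses:", sorted(nodes[n]["start"] for n in report["sinks"]))
```

Run against any of the other four control_flow_graph lines in this section, the same summary shows the e5a578 entry has no API block at all, which is why its APIs list cannot be reconciled with its graph.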
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: d5e16789c041be992e1a029be4abfef8a23806a0f8045b9f1a29e57d24ae7bed
      • Instruction ID: 7394aba34c7f894e4d65e7cecaa8def0e23703ec972706609b3e339331c92d84
      • Opcode Fuzzy Hash: d5e16789c041be992e1a029be4abfef8a23806a0f8045b9f1a29e57d24ae7bed
      • Instruction Fuzzy Hash: D66159B614C2556FD301CA586854AFA3BA8EB96332F3D1E7AFC42E7542E2914D0D9333

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 133 e5a4af-e5a4b4 134 e5a4c5-e5a4f7 133->134 135 e5a4b6-e5a4c4 133->135 139 e5a4fd 134->139 140 e5a509-e5a531 134->140 135->134 139->140 141 e5a503-e5a508 139->141 143 e5a537 140->143 144 e5a53d-e5a543 140->144 141->140 143->144 145 e5a54d-e5a55f CreateFileA 144->145 146 e5a549-e5a54c 144->146 147 e5a565-e5a5af 145->147 148 e5a72c-e5a746 call e5a749 145->148 146->145 153 e5a5b5-e5a5d0 call e5a5be 147->153 156 e5a5d6 153->156 157 e5a5dc-e5a5fc 153->157 156->157 159 e5a604-e5a608 157->159 160 e5a602-e5a603 157->160 159->153 161 e5a60a-e5a63a 159->161 160->159 163 e5a63c-e5a64c 161->163 164 e5a6b8 161->164 167 e5a652 163->167 168 e5a66e-e5a68c 163->168 166 e5a6b9 164->166 169 e5a6ba-e5a6bb 166->169 167->168 170 e5a658 167->170 171 e5a694-e5a6aa 168->171 172 e5a692-e5a693 168->172 173 e5a6c1 169->173 174 e5a6dd-e5a84d 169->174 170->168 171->169 175 e5a6b0-e5a6b3 171->175 172->171 173->174 176 e5a6c7 173->176 178 e5a84f-e5a856 174->178 179 e5a858-e5a86c 174->179 175->166 176->174 178->179 180 e5a86d-e5a9c9 178->180 179->180 188 e5a9cb 180->188 188->188
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: b1558842cecb75b2b561f457fb592b65e6d888384d03ef0fc719f8ddfcf4d552
      • Instruction ID: 29a9497bb59f95ebf8b91a09c2b317d83412461b7e3341ab01e36fca6ad2f022
      • Opcode Fuzzy Hash: b1558842cecb75b2b561f457fb592b65e6d888384d03ef0fc719f8ddfcf4d552
      • Instruction Fuzzy Hash: FD616CB654C2516FD3028B589854AFA3BA8EB96332F2D1E7BEC42E7542E1914D0D9333

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 189 e5a578-e5a5af 192 e5a5b5-e5a5d0 call e5a5be 189->192 195 e5a5d6 192->195 196 e5a5dc-e5a5fc 192->196 195->196 198 e5a604-e5a608 196->198 199 e5a602-e5a603 196->199 198->192 200 e5a60a-e5a63a 198->200 199->198 202 e5a63c-e5a64c 200->202 203 e5a6b8 200->203 206 e5a652 202->206 207 e5a66e-e5a68c 202->207 205 e5a6b9 203->205 208 e5a6ba-e5a6bb 205->208 206->207 209 e5a658 206->209 210 e5a694-e5a6aa 207->210 211 e5a692-e5a693 207->211 212 e5a6c1 208->212 213 e5a6dd-e5a84d 208->213 209->207 210->208 214 e5a6b0-e5a6b3 210->214 211->210 212->213 215 e5a6c7 212->215 217 e5a84f-e5a856 213->217 218 e5a858-e5a86c 213->218 214->205 215->213 217->218 219 e5a86d-e5a9c9 217->219 218->219 227 e5a9cb 219->227 227->227
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: b9c2983c412280dd92f7adeb2ed22238653b4b626ceffca48477a1d9b14fbaa1
      • Instruction ID: d3a20c70ce0bd86f5f23e096c09ed6691cd999470fe70d6ad5a1d844ab6ffa20
      • Opcode Fuzzy Hash: b9c2983c412280dd92f7adeb2ed22238653b4b626ceffca48477a1d9b14fbaa1
      • Instruction Fuzzy Hash: 2761ADB654C2915FD3028B245850BFA3FB8EB86332F2C1ABBEC41E7443E1904D0D9362

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 228 e5a4cf-e5a4f7 230 e5a4fd 228->230 231 e5a509-e5a531 228->231 230->231 232 e5a503-e5a508 230->232 234 e5a537 231->234 235 e5a53d-e5a543 231->235 232->231 234->235 236 e5a54d-e5a55f CreateFileA 235->236 237 e5a549-e5a54c 235->237 238 e5a565-e5a5af 236->238 239 e5a72c-e5a746 call e5a749 236->239 237->236 244 e5a5b5-e5a5d0 call e5a5be 238->244 247 e5a5d6 244->247 248 e5a5dc-e5a5fc 244->248 247->248 250 e5a604-e5a608 248->250 251 e5a602-e5a603 248->251 250->244 252 e5a60a-e5a63a 250->252 251->250 254 e5a63c-e5a64c 252->254 255 e5a6b8 252->255 258 e5a652 254->258 259 e5a66e-e5a68c 254->259 257 e5a6b9 255->257 260 e5a6ba-e5a6bb 257->260 258->259 261 e5a658 258->261 262 e5a694-e5a6aa 259->262 263 e5a692-e5a693 259->263 264 e5a6c1 260->264 265 e5a6dd-e5a84d 260->265 261->259 262->260 266 e5a6b0-e5a6b3 262->266 263->262 264->265 267 e5a6c7 264->267 269 e5a84f-e5a856 265->269 270 e5a858-e5a86c 265->270 266->257 267->265 269->270 271 e5a86d-e5a9c9 269->271 270->271 279 e5a9cb 271->279 279->279
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: 4cf623479db256b4ae8ab0de4067099693c49303f1d9bdcc428aab43d717fcfa
      • Instruction ID: d53f0c66280b56594dc92193540f3e34862c975fdf4e7f7bc19af4b5e02ef1a0
      • Opcode Fuzzy Hash: 4cf623479db256b4ae8ab0de4067099693c49303f1d9bdcc428aab43d717fcfa
      • Instruction Fuzzy Hash: 77516CB654C2516FD3018A685854BFA3BA8EB96332F3C1E7AEC82E7542E1910D0D9333

      Control-flow Graph

      • Executed
      • Not Executed
      control_flow_graph 280 e5a4e4-e5a4f7 282 e5a4fd 280->282 283 e5a509-e5a531 280->283 282->283 284 e5a503-e5a508 282->284 286 e5a537 283->286 287 e5a53d-e5a543 283->287 284->283 286->287 288 e5a54d-e5a55f CreateFileA 287->288 289 e5a549-e5a54c 287->289 290 e5a565-e5a5af 288->290 291 e5a72c-e5a746 call e5a749 288->291 289->288 296 e5a5b5-e5a5d0 call e5a5be 290->296 299 e5a5d6 296->299 300 e5a5dc-e5a5fc 296->300 299->300 302 e5a604-e5a608 300->302 303 e5a602-e5a603 300->303 302->296 304 e5a60a-e5a63a 302->304 303->302 306 e5a63c-e5a64c 304->306 307 e5a6b8 304->307 310 e5a652 306->310 311 e5a66e-e5a68c 306->311 309 e5a6b9 307->309 312 e5a6ba-e5a6bb 309->312 310->311 313 e5a658 310->313 314 e5a694-e5a6aa 311->314 315 e5a692-e5a693 311->315 316 e5a6c1 312->316 317 e5a6dd-e5a84d 312->317 313->311 314->312 318 e5a6b0-e5a6b3 314->318 315->314 316->317 319 e5a6c7 316->319 321 e5a84f-e5a856 317->321 322 e5a858-e5a86c 317->322 318->309 319->317 321->322 323 e5a86d-e5a9c9 321->323 322->323 331 e5a9cb 323->331 331->331
      APIs
      • CreateFileA.KERNELBASE(?,00E5A48D,00EDDA64), ref: 00E5A55A
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: CreateFile
      • String ID: #BFP
      • API String ID: 823142352-764755733
      • Opcode ID: c470b0e5e6973e52225828caac3dfc6356c94bee0bc123cdc95f50e98caa87a0
      • Instruction ID: eda53c85ca0ae67c9050e97869713aef3e51dc7403c198503f807ba83036fba4
      • Opcode Fuzzy Hash: c470b0e5e6973e52225828caac3dfc6356c94bee0bc123cdc95f50e98caa87a0
      • Instruction Fuzzy Hash: 44518DB654C2556FD7018B685854BFA3BA8EB96332F3C1E7AEC42E7542E2910D0D9333

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID:
      • API String ID: 1029625771-0
      • Opcode ID: da1b3d0f0df86345cb7536d774436ee5061cae09a6ac189dfb7f80a1b0db6e0c
      • Instruction ID: 9c8b10772a19c09a5f6e0cf00e43704976339c1e901dc09ed143a4afeb420c36
      • Opcode Fuzzy Hash: da1b3d0f0df86345cb7536d774436ee5061cae09a6ac189dfb7f80a1b0db6e0c
      • Instruction Fuzzy Hash: 893116F250D600EFE309AF19DC857BAFBE9EB88721F128D2DE6C582654E73548408B57

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID:
      • API String ID: 1029625771-0
      • Opcode ID: a586f019c54c649bbc5d03d53ad9bc3b9c7f66e59cb00749f267ca683f31588e
      • Instruction ID: 12cbc483b70435a7a9eaa3097477529c1bc9a632e3c7dff659650a2aa17724c0
      • Opcode Fuzzy Hash: a586f019c54c649bbc5d03d53ad9bc3b9c7f66e59cb00749f267ca683f31588e
      • Instruction Fuzzy Hash: 6B316DF250C700EFE3056F59D88267EFBE4FF98321F12482EE6C592210D67595548A53

      Control-flow Graph

      APIs
      • GetModuleFileNameA.KERNELBASE(?,?,0000028A,?,00000000), ref: 00EB7F72
      Memory Dump Source
      • Source File: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: FileModuleName
      • String ID:
      • API String ID: 514040917-0
      • Opcode ID: b1c3164eefd40c63ee13b4034e9b966543b0072ef6e06230d29d36790fb020c6
      • Instruction ID: 6d123522e66d7dc0b62cf1ccffb94b9f4879d9adc09b011b28f8989a67aeeab7
      • Opcode Fuzzy Hash: b1c3164eefd40c63ee13b4034e9b966543b0072ef6e06230d29d36790fb020c6
      • Instruction Fuzzy Hash: 5311B171B092299FEB208A148C48BFBB77CEF84758F1560A5E8C5B2541D770DD818AE9

      Control-flow Graph

      APIs
      • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 050D0DCD
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ManagerOpen
      • String ID:
      • API String ID: 1889721586-0
      • Opcode ID: d497b0fb30b4c801abdd06606d090c5710d18405cd14ac2b1ac338c1c382bafb
      • Instruction ID: 61fd3b45370834161e582e00d8f619efafdf353ad3f10c0c036ce74325d9c362
      • Opcode Fuzzy Hash: d497b0fb30b4c801abdd06606d090c5710d18405cd14ac2b1ac338c1c382bafb
      • Instruction Fuzzy Hash: FC2138B6D016099FDB50CF99E888BDEFBF1FF88720F14811AD908AB205D774A545CBA4

      Control-flow Graph

      APIs
      • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 050D0DCD
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ManagerOpen
      • String ID:
      • API String ID: 1889721586-0
      • Opcode ID: eeda12270d684266a1758d3a0bf7dd86d6f1ec87348153cd49d1d3fc82a5be32
      • Instruction ID: 6f3e11d3d80c16bab3ddcf6004bb0519f12ec50482696f0e1693c130cfb2d2c9
      • Opcode Fuzzy Hash: eeda12270d684266a1758d3a0bf7dd86d6f1ec87348153cd49d1d3fc82a5be32
      • Instruction Fuzzy Hash: 092104B6C016199FCB50CF9AE884ADEFBF5FB88720F14811AD909AB205D774A544CBA4

      Control-flow Graph

      APIs
      • ControlService.ADVAPI32(?,?,?), ref: 050D1580
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ControlService
      • String ID:
      • API String ID: 253159669-0
      • Opcode ID: 4f4c1a3e57c19528e4659e545cd42e1d99c7f7d1a319c50b14488fdaf589454d
      • Instruction ID: 42cfc74992802143c3d79f4672c1b50231b27982a1119bc35e9ec85d54a2a288
      • Opcode Fuzzy Hash: 4f4c1a3e57c19528e4659e545cd42e1d99c7f7d1a319c50b14488fdaf589454d
      • Instruction Fuzzy Hash: 2721F2B1904249DFDB10CF9AD584BDEFBF4BB48360F10802AE919A7250D778AA44CFA5

      Control-flow Graph (image not reproduced): basic blocks 50d1510-50d15b7, with a call to ControlService
      APIs
      • ControlService.ADVAPI32(?,?,?), ref: 050D1580
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ControlService
      • String ID:
      • API String ID: 253159669-0
      • Opcode ID: f47b6387ec5fd42c4df7ad3b73a5cb0eeab2b411036b356f4f95829f9819633c
      • Instruction ID: ba2e81b86261a831338a3aa72a8069aea5a68abcc05f00e29f1f76e6a978993c
      • Opcode Fuzzy Hash: f47b6387ec5fd42c4df7ad3b73a5cb0eeab2b411036b356f4f95829f9819633c
      • Instruction Fuzzy Hash: 8311D3B1900749DFDB10CF9AD584BDEFBF4BB48324F108029E959A3250D778A644CFA5
      APIs
      • ImpersonateLoggedOnUser.KERNELBASE ref: 050D1367
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ImpersonateLoggedUser
      • String ID:
      • API String ID: 2216092060-0
      • Opcode ID: 0eaf95323306b406ecbcf874938ec1868eac565cbd6d4da8d680a4f334b7fb49
      • Instruction ID: 9939c92a262199f82fed9252868525f54180fe5998b83b848b5d151aba4d32a5
      • Opcode Fuzzy Hash: 0eaf95323306b406ecbcf874938ec1868eac565cbd6d4da8d680a4f334b7fb49
      • Instruction Fuzzy Hash: D81143B1800349CFDB20DF9AD584BDEFBF4EF48324F20842AD518A3250D778A544CBA0
      APIs
      • ImpersonateLoggedOnUser.KERNELBASE ref: 050D1367
      Memory Dump Source
      • Source File: 00000000.00000002.2430240732.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_50d0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: ImpersonateLoggedUser
      • String ID:
      • API String ID: 2216092060-0
      • Opcode ID: c0266d2e44ff1f49dfa91c01a72132840bf93a3fdd53722ebf36bb59d2c55ea1
      • Instruction ID: bfa143c4b017aa6676f6b5237c4f81c417a8d94b0751d7978a9a68a1866afe57
      • Opcode Fuzzy Hash: c0266d2e44ff1f49dfa91c01a72132840bf93a3fdd53722ebf36bb59d2c55ea1
      • Instruction Fuzzy Hash: D51122B1800349CFDB20CF9AD544BDEFBF8AB48324F20842AD918A3250D778A944CBA5
      APIs
      • VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000004,?,?,00EB7AEB,?,?,00EB77F1,?,?,00EB77F1,?,?,00EB77F1), ref: 00EB7B0F
      Memory Dump Source
      • Source File: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: 3867205b9684a38e1d9a6d125843156c62b97a41d008a7ec28de1301ded7c496
      • Instruction ID: bcf4c375f0aab4a01dd94901828c97a95f0f09ec1795f0a86fdb1785f467bc78
      • Opcode Fuzzy Hash: 3867205b9684a38e1d9a6d125843156c62b97a41d008a7ec28de1301ded7c496
      • Instruction Fuzzy Hash: AAF0A4B190820AEFD7248F14CD05B99BBA5FF89765F118065F58ABB591D3B198C0CF50
      APIs
      • VirtualAlloc.KERNELBASE(00000000), ref: 00CDF0F8
      Memory Dump Source
      • Source File: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID: AllocVirtual
      • String ID:
      • API String ID: 4275171209-0
      • Opcode ID: 43f305ae42442af69a562bb2fba480976a641c1f36608caf0f3d41b61f1b855b
      • Instruction ID: a5d03cc23b592d8c23a5740e6717f70ef630bb9f17d3367693cfcdad6ee08cea
      • Opcode Fuzzy Hash: 43f305ae42442af69a562bb2fba480976a641c1f36608caf0f3d41b61f1b855b
      • Instruction Fuzzy Hash: 01E0767501C505CFE341BE28C88A7AEBBE0EB28300F120929DAC6C2610E231A860CA56
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5d6f52c00a57e98f41cf3085c022cc6b5dd12773a930ec96c48df2adf8be8607
      • Instruction ID: 27979bab0f1336266727e33eb4b574d935589f3522915301e378779160d2067a
      • Opcode Fuzzy Hash: 5d6f52c00a57e98f41cf3085c022cc6b5dd12773a930ec96c48df2adf8be8607
      • Instruction Fuzzy Hash: 5EB100B250D3C08FD3039B3498556AABFF1EF97350F2A89AED1D58B263D2244446C7A3
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ab72b5ece4e67e79f6455294614022b71975de4769b55e2c5f7f8e8104cfae26
      • Instruction ID: 11ebd7087c2a58619184c40c6feeee33492b6743c4324e390db76c83a969bea2
      • Opcode Fuzzy Hash: ab72b5ece4e67e79f6455294614022b71975de4769b55e2c5f7f8e8104cfae26
      • Instruction Fuzzy Hash: BF91D0B250D3809FD3069B349C55AAABFF0EF96310F1A89AED1D58B263D2344446CB63
      Memory Dump Source
      • Source File: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 214ad3f41ca9701588f1cc66dd48156e9360ec7814e06ce51289ada941ff5036
      • Instruction ID: 7478c90ec856b424f7435dddf141bb4e120964c1802342da658324fde22eab06
      • Opcode Fuzzy Hash: 214ad3f41ca9701588f1cc66dd48156e9360ec7814e06ce51289ada941ff5036
      • Instruction Fuzzy Hash: F45100F240C604DFD305BE29DD406BABBE9EBD8310F25992EE5CEE2344E63549459783
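The dump names listed under each function above carry the triage information a reverse engineer actually needs: every region sits inside the image mapped at 00CD0000, and the protection field alternates between 00000040 and 00000080, i.e. pages that are both writable and executable, which is exactly where an in-place unpacker writes the code it later runs. The following is an added example, not code from the Joe Sandbox report or from Joe Security: it parses the `.sdmp` file name into its dotted fields and flags the writable+executable image regions. The field layout is an assumption inferred from the names on this page (4th field: region base address; 5th field: a Windows PAGE_* protection value, since only 04, 08, 40 and 80 occur; 7th field: 0x01000000, which equals MEM_IMAGE and agrees with "based on PE: true"); the remaining fields are kept raw because the page does not document them. The six sample names are copied from the Associated list above.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) file names and flag writable+executable image regions.

Added example, not part of the Joe Sandbox report. The field layout below is an
assumption inferred from the dump names on the report page, not documented behaviour.
"""
import re
from collections import Counter

# Windows memory-protection constants (winnt.h); each is a distinct bit.
PAGE_NOACCESS = 0x01
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_IMAGE = 0x01000000  # MEMORY_BASIC_INFORMATION.Type of a mapped PE image

EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

PAGE_NAMES = {
    PAGE_NOACCESS: "PAGE_NOACCESS",
    PAGE_READONLY: "PAGE_READONLY",
    PAGE_READWRITE: "PAGE_READWRITE",
    PAGE_WRITECOPY: "PAGE_WRITECOPY",
    PAGE_EXECUTE: "PAGE_EXECUTE",
    PAGE_EXECUTE_READ: "PAGE_EXECUTE_READ",
    PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
    PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY",
}

# Assumed layout: <proc>.<phase>.<uid>.<base>.<protect>.<field6>.<type>.<field8>.sdmp
# field6 and field8 are kept as raw hex; their meaning is not documented on the page.
_SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<phase>[0-9A-Fa-f]{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<field6>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<field8>[0-9A-Fa-f]{8})\.sdmp$"
)


def parse_sdmp_name(name: str) -> dict:
    """Split one dump file name into decoded fields; raise ValueError on anything else."""
    m = _SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    protect = int(m["protect"], 16)
    mem_type = int(m["type"], 16)
    return {
        "process_index": int(m["proc"], 16),
        "phase": int(m["phase"], 16),
        "base": int(m["base"], 16),
        "protect": protect,
        # Mask off modifier bits such as PAGE_GUARD before naming the base protection.
        "protect_name": PAGE_NAMES.get(protect & 0xFF, f"0x{protect:08X}"),
        "is_image": mem_type == MEM_IMAGE,
        "executable": bool(protect & EXEC_MASK),
        "writable": bool(protect & WRITE_MASK),
        "field6": m["field6"],
        "field8": m["field8"],
    }


def rwx_image_regions(names, module_base):
    """Image-backed regions that are both writable and executable, sorted by address.

    Each row is (base, offset from the module base, protection name). These are the
    pages where self-modifying or unpacked code can appear without a fresh allocation.
    """
    rows = []
    for name in names:
        r = parse_sdmp_name(name)
        if r["is_image"] and r["executable"] and r["writable"]:
            rows.append((r["base"], r["base"] - module_base, r["protect_name"]))
    return sorted(rows)


def protection_histogram(names) -> Counter:
    """How many dumped regions carry each protection, a quick view of the memory layout."""
    return Counter(parse_sdmp_name(n)["protect_name"] for n in names)


# Constructed sample: the module base and six dump names copied from the report listing.
MODULE_BASE = 0xCD0000
SAMPLE_DUMPS = [
    "00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp",
]

if __name__ == "__main__":
    for base, offset, prot in rwx_image_regions(SAMPLE_DUMPS, MODULE_BASE):
        print(f"{base:#010x}  module+{offset:#07x}  {prot}")
    print(dict(protection_histogram(SAMPLE_DUMPS)))
```

Run against the full Associated list of a function entry, the histogram shows the image is almost entirely 0x40/0x80 pages, and `rwx_image_regions` gives the offsets to diff against the on-disk section table when deciding which dumps to rebuild a PE from.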
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: 00000000.00000002.2427085472.0000000000CD0000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427100944.0000000000CD2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427362363.0000000000CD6000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427380735.0000000000CDA000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427503778.0000000000CE6000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427689069.0000000000E42000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427702487.0000000000E45000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427723001.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427736793.0000000000E54000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427752928.0000000000E55000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427766132.0000000000E56000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E57000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427780407.0000000000E5E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427812060.0000000000E63000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427827172.0000000000E64000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427845468.0000000000E66000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427860053.0000000000E68000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427873384.0000000000E69000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427906370.0000000000E76000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427924040.0000000000E7B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427944551.0000000000E93000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427959907.0000000000E95000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427973471.0000000000E96000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2427992820.0000000000EA5000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428014618.0000000000EB2000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428028582.0000000000EB3000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428046869.0000000000EB5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428061289.0000000000EB6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428078660.0000000000EB8000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428096542.0000000000EBB000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428113224.0000000000EC5000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428126983.0000000000EC6000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428140237.0000000000EC7000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428167425.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428186824.0000000000ED3000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428203444.0000000000ED7000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428218974.0000000000EDF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428233471.0000000000EE4000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428250600.0000000000EEC000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428264612.0000000000EEE000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428277117.0000000000EEF000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428290438.0000000000EF2000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428305523.0000000000F01000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428319974.0000000000F03000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428338240.0000000000F0C000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428351323.0000000000F0D000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428380072.0000000000F5A000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428392950.0000000000F5B000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F67000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428407063.0000000000F6D000.00000080.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428441018.0000000000F7E000.00000040.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.2428454171.0000000000F80000.00000080.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: aded3f2e461925d5408bae3a3376687c79ae351bfd90ebadb1e0b29749960027
      • Instruction ID: ee108439baa98cb48b449003c95d6b362e642a5e8f788c1315bbdc012773016e
      • Opcode Fuzzy Hash: aded3f2e461925d5408bae3a3376687c79ae351bfd90ebadb1e0b29749960027
      • Instruction Fuzzy Hash: 9E412EB250D600AFE305AF29E841ABEFBE9FF95760F26892EE6C5D2210D3714441CB57
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: the same 52 dump regions (00CD0000 through 00F80000) listed for the preceding function entry with source file 0000000000E6A000
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 7853ac775bb9cbe8a6223e677b2fac7085ff07a8dec61bbbdb826567338cbd0b
      • Instruction ID: 9530ab8b70ea9da067a532c10d6b46f438fe9fe3429012db9b6178e28fa5f7ad
      • Opcode Fuzzy Hash: 7853ac775bb9cbe8a6223e677b2fac7085ff07a8dec61bbbdb826567338cbd0b
      • Instruction Fuzzy Hash: 754108B250D600AFD306AF29D88166AFBE5FFA8710F16892EE6C5D3221D3314881CB57
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: the same 52 dump regions (00CD0000 through 00F80000) listed for the preceding function entry with source file 0000000000E6A000
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: feaac20e851ff830f53e2efdff2e3c6bbc9dbedf83cca141a6a60285d3d464b9
      • Instruction ID: a8cd476ba2289cdc642fcc99ab1c403f138e9af49fe3dca97eb44e1293e7d59d
      • Opcode Fuzzy Hash: feaac20e851ff830f53e2efdff2e3c6bbc9dbedf83cca141a6a60285d3d464b9
      • Instruction Fuzzy Hash: 7D411AB250D600AFE305AF29E8816AEFBE9FF99720F16892DE6D5D3210D3714841CB57
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      • Associated: the same 52 dump regions (00CD0000 through 00F80000) listed for the preceding function entry with source file 0000000000E6A000
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity
      Memory Dump Source
      • Source File: 00000000.00000002.2427887309.0000000000E6A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00CD0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_cd0000_jPJaszTDNt.jbxd
      Similarity